CVE-2007-4692
https://notcve.org/view.php?id=CVE-2007-4692
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. La funcionalidad de navegación de pestañas en Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos falsificar la autenticación HTTP para otros sitios y posiblemente conducir ataques de phishing causando que se muestre una hoja de autenticación para una pestaña que no está activa, lo que hace que parezca como si está asociada con la pestaña activa. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html http://osvdb.org/40662 http://secunia.com/advisories/27643 http://www.securityfocus.com/bid/26444 http://www.securityfocus.com/bid/26447 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com • CWE-287: Improper Authentication •
CVE-2007-4698
https://notcve.org/view.php?id=CVE-2007-4698
Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos conducir ataques de tipo cross-site scripting (XSS) causando que los eventos de JavaScript sean asociados con la trama incorrecta. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html http://osvdb.org/40663 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.securityfocus.com/bid/26446 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-3758
https://notcve.org/view.php?id=CVE-2007-3758
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. Safari en Apple iPhone versión 1.1.1 y Safari versión 3 anterior a beta Update 3.0.4 en Windows y en Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos ajustar las propiedades de ventana de Javascript para las páginas web que están en un dominio diferente, el cual puede ser aprovechado para conducir ataques de tipo cross-site scripting (XSS). • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25857 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4671
https://notcve.org/view.php?id=CVE-2007-4671
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. Una vulnerabilidad no especificada de Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos "alter or access" al contenido HTTPS por medio de una sesión HTTP con una página web diseñada que causa que Javascript sea aplicado a páginas HTTPS del mismo dominio. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25852 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-20: Improper Input Validation •
CVE-2007-3760
https://notcve.org/view.php?id=CVE-2007-3760
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. Una vulnerabilidad de tipo cross-site scripting (XSS) en Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de etiquetas de trama. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25850 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •