The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."
Max CVSS
4.3
EPSS Score
0.35%
Published
2008-11-17
Updated
2012-10-31
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
Max CVSS
1.9
EPSS Score
0.04%
Published
2008-11-17
Updated
2012-10-31
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
Max CVSS
5.0
EPSS Score
0.33%
Published
2008-07-14
Updated
2017-08-08
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
Max CVSS
4.3
EPSS Score
0.45%
Published
2008-06-02
Updated
2017-08-08
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
Max CVSS
2.1
EPSS Score
0.08%
Published
2008-03-19
Updated
2017-08-08
5 vulnerabilities found