The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
Max CVSS
4.3
EPSS Score
0.32%
Published
2012-09-20
Updated
2017-08-29
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.
Max CVSS
4.3
EPSS Score
0.18%
Published
2012-07-25
Updated
2012-11-30
WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Max CVSS
4.3
EPSS Score
0.36%
Published
2012-07-25
Updated
2013-03-22
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
Max CVSS
5.0
EPSS Score
0.19%
Published
2012-03-12
Updated
2018-01-06
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.
Max CVSS
5.0
EPSS Score
0.15%
Published
2012-03-12
Updated
2018-01-06
5 vulnerabilities found