CVE-2007-2843

Apple Safari 2.0.4 - Info Disclosure

Title source: llm

Description

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gareth Heyes · javascriptremotemultiple

https://www.exploit-db.com/exploits/30078

View Code ZIP pw:eip

References (4)

[Various Sources] http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html

[Exploit] http://www.securityfocus.com/bid/24121

[Various Sources] http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/

[Third Party Advisory, VDB Entry] http://osvdb.org/38859

Scores

EPSS 0.0588

EPSS Percentile 90.6%

Details

Status published

Products (1)

apple/safari 2.0.4

Published May 24, 2007

Tracked Since Feb 18, 2026