CVE-2008-1007

Apple Safari < 3.0.4 - XSS

Title source: rule

Description

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

References (9)

Scores

EPSS 0.0095
EPSS Percentile 76.1%

Classification

CWE
CWE-79
Status draft

Affected Products (16)

apple/safari < 3.0.4
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
... and 1 more

Timeline

Published Mar 19, 2008
Tracked Since Feb 18, 2026