Description
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
References (9)
Core 9
Core References
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3232
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32706
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32291
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3318
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021226
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3298
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32756
Scores
EPSS
0.0032
EPSS Percentile
24.4%
Details
CWE
CWE-200
Status
published
Products (35)
apple/safari
apple/safari
0.8
apple/safari
0.9
apple/safari
1.0 (3 CPE variants)
apple/safari
1.0.3
apple/safari
1.1
apple/safari
1.1.1
apple/safari
1.2
apple/safari
1.2.1
apple/safari
1.2.2
... and 25 more
Published
Nov 17, 2008
Tracked Since
Feb 18, 2026