CVE-2012-3714
Apple Safari - Exposure of Sensitive Information via Form Autofill
Title source: llmDescription
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
References (5)
Core 5
Core References
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5502
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78681
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/85653
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/55625
Scores
EPSS
0.0092
EPSS Percentile
56.2%
Details
CWE
CWE-200
CWE-264
Status
published
Products (35)
apple/safari
apple/safari
1.0 (3 CPE variants)
apple/safari
1.0.0
apple/safari
1.0.0b1
apple/safari
1.0.0b2
apple/safari
1.0.1
apple/safari
1.0.2
apple/safari
1.0.3 (3 CPE variants)
apple/safari
1.0b1
apple/safari
1.1
... and 25 more
Published
Sep 20, 2012
Tracked Since
Feb 18, 2026