CVE-2012-3714

Apple Safari - Exposure of Sensitive Information via Form Autofill

Title source: llm
STIX 2.1

Description

The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.

References (5)

Core 5
Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5502
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78681
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/85653
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/55625

Scores

EPSS 0.0092
EPSS Percentile 56.2%

Details

CWE
CWE-200 CWE-264
Status published
Products (35)
apple/safari
apple/safari 1.0 (3 CPE variants)
apple/safari 1.0.0
apple/safari 1.0.0b1
apple/safari 1.0.0b2
apple/safari 1.0.1
apple/safari 1.0.2
apple/safari 1.0.3 (3 CPE variants)
apple/safari 1.0b1
apple/safari 1.1
... and 25 more
Published Sep 20, 2012
Tracked Since Feb 18, 2026