CVE-2015-3753
Safari 6.0-6.2.8 - Exposure of Sensitive Image Data via Canvas Taint Bypass
Title source: manualDescription
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033274
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205030
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76341
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205033
Scores
EPSS
0.0266
EPSS Percentile
83.8%
Details
CWE
CWE-200
Status
published
Products (2)
apple/iphone_os
< 8.4.1
apple/safari
6.0 - 6.2.8
Published
Aug 16, 2015
Tracked Since
Feb 18, 2026