Description
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033274
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76339
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205033
Scores
EPSS
0.0193
EPSS Percentile
77.6%
Details
CWE
CWE-200
Status
published
Products (1)
apple/safari
6.0 - 6.2.8
Published
Aug 16, 2015
Tracked Since
Feb 18, 2026