CVE-2015-5780

Safari < 8.0.8 - Unauthenticated Extension Replacement via Missing User Confirmation

Title source: llm
STIX 2.1

Description

The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205265
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033688
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html

Scores

EPSS 0.0234
EPSS Percentile 81.6%

Details

CWE
CWE-20
Status published
Products (1)
apple/safari < 8.0.8
Published Oct 09, 2015
Tracked Since Feb 18, 2026