CVE-2007-2400

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
OR cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*

History

No history.

Information

Published : 2007-06-25 19:30

Updated : 2024-02-28 11:01


NVD link : CVE-2007-2400

Mitre link : CVE-2007-2400

CVE.ORG link : CVE-2007-2400


JSON object : View

Products Affected

apple

  • mac_os_x
  • safari
  • iphone_os

microsoft

  • windows_vista
  • windows_xp
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')