The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | Patch Vendor Advisory |
http://osvdb.org/54997 | |
http://secunia.com/advisories/35379 | Vendor Advisory |
http://support.apple.com/kb/HT3613 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/35260 | Exploit Patch |
http://www.securityfocus.com/bid/35346 | |
http://www.vupen.com/english/advisories/2009/1522 | Patch Vendor Advisory |
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | Patch Vendor Advisory |
http://osvdb.org/54997 | |
http://secunia.com/advisories/35379 | Vendor Advisory |
http://support.apple.com/kb/HT3613 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/35260 | Exploit Patch |
http://www.securityfocus.com/bid/35346 | |
http://www.vupen.com/english/advisories/2009/1522 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:03
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html - Patch, Vendor Advisory | |
References | () http://osvdb.org/54997 - | |
References | () http://secunia.com/advisories/35379 - Vendor Advisory | |
References | () http://support.apple.com/kb/HT3613 - Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/35260 - Exploit, Patch | |
References | () http://www.securityfocus.com/bid/35346 - | |
References | () http://www.vupen.com/english/advisories/2009/1522 - Patch, Vendor Advisory |
Information
Published : 2009-06-10 18:00
Updated : 2024-11-21 01:03
NVD link : CVE-2009-1706
Mitre link : CVE-2009-1706
CVE.ORG link : CVE-2009-1706
JSON object : View
Products Affected
apple
- safari
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor