WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html | Vendor Advisory |
http://support.apple.com/HT204245 | Vendor Advisory |
http://support.apple.com/HT204246 | Vendor Advisory |
http://support.apple.com/kb/HT6596 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2014-12-10 21:59
Updated : 2024-02-04 18:35
NVD link : CVE-2014-4465
Mitre link : CVE-2014-4465
CVE.ORG link : CVE-2014-4465
JSON object : View
Products Affected
apple
- iphone_os
- safari
- tvos
CWE
CWE-20
Improper Input Validation