CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.
Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-12-10 21:59

Updated : 2024-02-04 18:35


NVD link : CVE-2014-4465

Mitre link : CVE-2014-4465

CVE.ORG link : CVE-2014-4465


JSON object : View

Products Affected

apple

  • iphone_os
  • safari
  • tvos
CWE
CWE-20

Improper Input Validation