WebCore, as used in Apple Safari prior to 3.1, does not enforce the frame navigation policy for Java applets, which allows remote malicious users to conduct cross-site scripting (XSS) attacks.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apple safari 1.3 |
||
apple safari 1.3.1 |
||
apple safari 3.0.3 |
||
apple safari |
||
apple safari 0.8 |
||
apple safari 1.3.2 |
||
apple safari 2.0 |
||
apple safari 2.0.2 |
||
apple safari 0.9 |
||
apple safari 1.0 |
||
apple safari 2.0.4 |
||
apple safari 3.0 |
||
apple safari 1.1 |
||
apple safari 1.2 |
||
apple safari 3.0.1 |
||
apple safari 3.0.2 |
Vulmon