WebKit, as used in Apple Safari prior to 6.1.4 and 7.x prior to 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
Vulnerable Product |
---|
Apple Safari 7.0.3 |
Apple Safari |
Apple Safari 6.0.1 |
Apple Safari 6.0.2 |
Apple Safari 6.0.3 |
Apple Safari 6.0.4 |
Apple Safari 7.0.2 |
Apple Safari 7.0 |
Apple Safari 6.1 |
Apple Safari 6.1.2 |
Apple Safari 7.0.1 |
Apple Safari 6.0 |
Apple Safari 6.0.5 |
Apple Safari 6.1.1 |