The API in the WebKit Plug-ins component in Apple Safari prior to 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote malicious users to bypass intended request restrictions via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse leap 42.1 |
||
apple safari |