Published: 20/02/2017 Updated: 11/03/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

An issue exists in certain Apple products. iOS prior to 10.2.1 is affected. Safari prior to 10.0.3 is affected. tvOS prior to 10.1.1 is affected. watchOS prior to 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os
apple safari
apple tvos
apple watchos
webkitgtk webkitgtk\\+

Several security issues were fixed in WebKitGTK+ ...

Multiple validation issues have been found in the handling of page loading in WebKitGTK+ before 2144, leading to cross-origin data exfiltration while processing maliciously crafted web content ...

<!-- Source: bugschromiumorg/p/project-zero/issues/detail?id=1049 When the new page is loading, FrameLoader::clear is called to clear the old document and window Here's a snippet of FrameLoader::clear void FrameLoader::clear(Document* newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView) { ...

CWE-200 https://support.apple.com/HT207487 https://support.apple.com/HT207485 https://support.apple.com/HT207484 https://support.apple.com/HT207482 http://www.securityfocus.com/bid/95728 https://security.gentoo.org/glsa/201706-15 http://www.securitytracker.com/id/1037668 https://www.exploit-db.com/exploits/41449/https://usn.ubuntu.com/3200-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/41449/

CVE-2017-2363

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect