CVE-2017-2442

Published: 02/04/2017 Updated: 16/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

An issue exists in certain Apple products. iOS prior to 10.3 is affected. Safari prior to 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple safari
apple iphone os

Several security issues were fixed in WebKitGTK+ ...

An issue has been found in WebKit, involving the “WebKit JavaScript Bindings” component It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site ...

<!-- Source: bugschromiumorg/p/project-zero/issues/detail?id=1068 Here is the definition of |JSCallbackData| class This class is used to call a javascript function from a DOM object class JSCallbackDataStrong : public JSCallbackData { public: JSCallbackDataStrong(JSC::JSObject* callback, void*) : m_callback(callback-&gt ...

Apple WebKit suffered from a cross site scripting vulnerability with JSCallbackData ...

CWE-20 https://support.apple.com/HT207617 https://support.apple.com/HT207600 http://www.securityfocus.com/bid/97129 https://security.gentoo.org/glsa/201706-15 http://www.securitytracker.com/id/1038137 https://www.exploit-db.com/exploits/41800/https://nvd.nist.gov https://usn.ubuntu.com/3257-1/https://www.exploit-db.com/exploits/41800/

CVE-2017-2442

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect