WebKit in Apple Safari Numeric Character References Remote Memory Corruption Vulnerability.ID: oval:org.mitre.oval:def:6475 | Date: (C)2009-11-17 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Vista |
Microsoft Windows XP |
Microsoft Windows Server 2008 R2 |