Information disclosure vulnerability in Apple Safari due to autofilling of passwords in formsID: oval:org.secpod.oval:def:21175 | Date: (C)2014-09-22 (M)2023-11-18 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Safari before 6.2 or 7.x before 7.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict the autofilling of passwords in forms. Successful exploitation could allow attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.
Platform: |
Apple Mac OS X 10.8 |
Apple Mac OS X 10.9 |
Apple Mac OS X 10.10 |
Apple Mac OS X Server 10.8 |
Apple Mac OS X Server 10.9 |
Apple Mac OS X Server 10.10 |