CVE-2009-1710

high

Description

WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/51263

http://www.vupen.com/english/advisories/2011/0212

http://www.vupen.com/english/advisories/2009/1522

http://www.securityfocus.com/bid/35340

http://www.debian.org/security/2009/dsa-1950

http://support.apple.com/kb/HT3613

http://secunia.com/advisories/43068

http://secunia.com/advisories/37746

http://secunia.com/advisories/35379

http://osvdb.org/55014

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Details

Source: Mitre, NVD

Published: 2009-06-10

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

Detections

Analytics