Information disclosure vulnerability in webKit in Apple Safari by leveraging a redirect to a data:image resource (Mac OS X)ID: oval:org.secpod.oval:def:26099 | Date: (C)2015-08-24 (M)2023-11-18 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Safari before 6.2.8, 7.x before 7.1.8 or 8.x before 8.0.8 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly perform taint checking for CANVAS elements. Successful exploitation allows attackers to bypass the Same Origin Policy and obtain sensitive image data.
Platform: |
Apple Mac OS X 10.8 |
Apple Mac OS X 10.9 |
Apple Mac OS X 10.10 |
Apple Mac OS X Server 10.8 |
Apple Mac OS X Server 10.9 |
Apple Mac OS X Server 10.10 |