CVE-2009-1706

MEDIUM

Description

The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.

References

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://osvdb.org/54997

http://secunia.com/advisories/35379

http://support.apple.com/kb/HT3613

http://www.securityfocus.com/bid/35260

http://www.securityfocus.com/bid/35346

http://www.vupen.com/english/advisories/2009/1522

Details

Source: MITRE

Published: 2009-06-10

Updated: 2009-06-19

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM