CVE-2014-4465

MEDIUM

Description

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.

References

http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html

http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html

http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

http://support.apple.com/HT204245

http://support.apple.com/HT204246

http://support.apple.com/kb/HT6596

Details

Source: MITRE

Published: 2014-12-10

Updated: 2019-03-08

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM