CVE-2015-1127

low

Description

The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.

References

http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html

http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html

http://www.securitytracker.com/id/1032047

http://www.ubuntu.com/usn/USN-2937-1

https://support.apple.com/HT204658

Details

Source: MITRE

Published: 2015-04-10

Updated: 2016-12-03

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW