{"vuid":"VU#766019","idnumber":"766019","name":"Apple Safari vulnerable to xss via the processing of JavaScript URLs","keywords":["Apple","Safari","xss","cross-site scripting","javascript URL","apple_security_update_2008_002"],"overview":"A vulnerability in the way Apple Safari handles JavaScript URLs may allow execution of JavaScript in the context of another site.","clean_desc":"Apple Safari contains a vulnerability that may cause a cross-site script injection when processing JavaScript URLs. According to Apple Security Advisory APPLE-SA-2008-03-18: A cross-site scripting issue exists in the processing of javascript: URLs. Enticing a user to visit a maliciously crafted web page could allow the execution of JavaScript in the context of another site. This update addresses the issue by performing additional validation of javascript: URLs.","impact":"This vulnerability may allow an attacker to execute JavaScript in the context of another site.","resolution":"Apply an update\nThis issue is addressed in Apple Safari 3.1.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported in Apple Security Advisory APPLE-SA-2008-03-18. Apple credits Robert Swiecki of Google Information Security Team for reporting this issue.","author":"This document was written by Chris Taschner.","public":["http://docs.info.apple.com/article.html?artnum=307563"],"cveids":["CVE-2008-1002"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-03-18T20:32:19Z","publicdate":"2008-03-18T00:00:00Z","datefirstpublished":"2008-03-19T17:52:00Z","dateupdated":"2008-03-19T17:53:06Z","revision":10,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"15","cam_impact":"6","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"8.91","cam_scorecurrentwidelyknown":"10.935","cam_scorecurrentwidelyknownexploited":"19.035","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.91,"vulnote":null}