CVE-2008-3644

Properties

Published:
16.11.2008
Updated:
27.11.2008
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:L/AC:M/Au:N/C:P/I:N/A:N)
    Product:
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari
    apple: safari

    Vulnerability description

    Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.

    References:

    BID: http://www.securityfocus.com/bid/32291
    CONFIRM: http://support.apple.com/kb/HT3318
    CONFIRM: http://support.apple.com/kb/HT3298
    APPLE: http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html
    APPLE: http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html