CVE-2007-2398 | Vulnerability Database | Aqua Security

Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.

Affected Software

Name	Vendor	Start Version	End Version
Windows_2003_server	Microsoft	sp2 (including)	sp2 (including)

References

http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
http://osvdb.org/38862
http://support.apple.com/kb/HT1467
http://www.securityfocus.com/archive/1/471452/100/0/threaded
http://www.securityfocus.com/archive/1/471454/100/0/threaded
http://www.securityfocus.com/bid/24484
http://www.securitytracker.com/id?1018282
http://www.vupen.com/english/advisories/2007/2316
http://www.vupen.com/english/advisories/2008/0979/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/35050

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2398
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html