loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Webkit | Apple | * | r58408 (including) |
Webkit | Apple | r50173 (including) | r50173 (including) |
Webkit | Apple | r56187 (including) | r56187 (including) |
Webkit | Apple | r56188 (including) | r56188 (including) |
Webkit | Apple | r56379 (including) | r56379 (including) |