Details of VAR-200901-0221

ID

VAR-200901-0221

CVE

CVE-2008-5914

TITLE

Apple Safari of JavaScript Vulnerability in implementations that can be acted upon by disguised pop-up messages

Trust: 0.8

sources: JVNDB: JVNDB-2009-001690

DESCRIPTION

An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Multiple web browsers are prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks. The following browsers are vulnerable: Microsoft Internet Explorer Mozilla Firefox Apple Safari Google Chrome Opera Other browsers may also be affected

Trust: 1.98

sources: NVD: CVE-2008-5914 // JVNDB: JVNDB-2009-001690 // BID: 33276 // VULHUB: VHN-36039

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 1.4
vendor:	apple	model:	safari	scope:	eq	version:	*	Trust: 1.0
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	9.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	9.10	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	9.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	9.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	9.10	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts lpia	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	10.04	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk sp3	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp3	scope:	eq	version:	10	Trust: 0.3
vendor:	slackware	model:	linux x86 64 -current	scope:	-	version:	-	Trust: 0.3
vendor:	slackware	model:	linux x86 64	scope:	eq	version:	13.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	13.1	Trust: 0.3
vendor:	slackware	model:	linux x86 64	scope:	eq	version:	13.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	13.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	12.2	Trust: 0.3
vendor:	slackware	model:	linux -current	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.2	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.1	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop version	scope:	eq	version:	4	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	4	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.63	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.62	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.61	Trust: 0.3
vendor:	opera	model:	software opera web browser beta	scope:	eq	version:	9.601	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.60	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.52	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.51	Trust: 0.3
vendor:	opera	model:	software opera web browser beta	scope:	eq	version:	9.50	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.5	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.27	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.26	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.25	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.24	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.23	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.22	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.21	Trust: 0.3
vendor:	opera	model:	software opera web browser beta	scope:	eq	version:	9.201	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.20	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.02	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.01	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.19	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.18	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.17	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.16	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.15	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.14	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.13	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.12	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.11	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.10	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.9	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.8	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.7	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.6	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.5	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.99	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.9	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.8	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.7	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.6	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.5	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.3	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	seamonkey beta	scope:	eq	version:	1.1	Trust: 0.3
vendor:	mozilla	model:	seamonkey dev	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	3.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.020	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	3.13	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	3.12	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	3.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.19	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	3.05	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox rc3	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	firefox rc2	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	2.01	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	7.0.5730.11	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp4	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp3	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp2	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp1	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer rc1	scope:	eq	version:	8	Trust: 0.3
vendor:	microsoft	model:	internet explorer beta	scope:	eq	version:	82	Trust: 0.3
vendor:	microsoft	model:	internet explorer beta	scope:	eq	version:	81	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	8	Trust: 0.3
vendor:	microsoft	model:	internet explorer beta3	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer beta2	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer beta1	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp1	scope:	eq	version:	6.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2010.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2010.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server x86 64	scope:	eq	version:	5	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server	scope:	eq	version:	5	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	2.0.172.31	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	2.0.172.30	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.61	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	0.3.1549	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	0.2.149.30	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	0.2.149.29	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	0.2.149.27	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.65	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.64	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.59	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.55	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.53	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.48	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.46	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.36	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	5.1	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	intuity audix lx sp2	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	intuity audix lx sp1	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	ne	version:	2.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	ne	version:	3.6.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	ne	version:	3.5.10	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	ne	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	4	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	ne	version:	3.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	ne	version:	3.0	Trust: 0.3

sources: BID: 33276 // JVNDB: JVNDB-2009-001690 // CNNVD: CNNVD-200901-225 // NVD: CVE-2008-5914

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-5914
value:	LOW
Trust: 1.0
NVD:	CVE-2008-5914
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200901-225
value:	LOW
Trust: 0.6
VULHUB:	VHN-36039
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2008-5914
severity:	LOW
baseScore:	2.1
vectorString:	AV:N/AC:H/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-36039
severity:	LOW
baseScore:	2.1
vectorString:	AV:N/AC:H/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-36039 // JVNDB: JVNDB-2009-001690 // CNNVD: CNNVD-200901-225 // NVD: CVE-2008-5914

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2009-001690 // NVD: CVE-2008-5914

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200901-225

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200901-225

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001690

PATCH

title:

Top Page

url:

http://www.apple.com/support/

Trust: 0.8

sources: JVNDB: JVNDB-2009-001690

EXTERNAL IDS

db:	NVD	id:	CVE-2008-5914	Trust: 2.8
db:	BID	id:	33276	Trust: 2.0
db:	JVNDB	id:	JVNDB-2009-001690	Trust: 0.8
db:	CNNVD	id:	CNNVD-200901-225	Trust: 0.7
db:	VULHUB	id:	VHN-36039	Trust: 0.1

sources: VULHUB: VHN-36039 // BID: 33276 // JVNDB: JVNDB-2009-001690 // CNNVD: CNNVD-200901-225 // NVD: CVE-2008-5914

REFERENCES

url:	http://www.trusteer.com/files/in-session-phishing-advisory-2.pdf	Trust: 2.0
url:	http://www.securityfocus.com/bid/33276	Trust: 1.7
url:	http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html	Trust: 1.7
url:	http://www.darkreading.com/security/attacks/showarticle.jhtml?articleid=212900161	Trust: 1.7
url:	http://www.infoworld.com/article/09/01/13/browser_bug_could_allow_phishing_without_email_1.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5914	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5914	Trust: 0.8
url:	http://support.apple.com/kb/ht3639	Trust: 0.3
url:	http://www.apple.com/safari/download/	Trust: 0.3
url:	http://www.google.com/chrome	Trust: 0.3
url:	http://www.microsoft.com/windows/ie/default.mspx	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	http://www.mozilla.com/en-us/	Trust: 0.3
url:	http://www.opera.com/	Trust: 0.3
url:	http://www.trusteer.com/temporary-user-tracking-in-major-browsers	Trust: 0.3
url:	/archive/1/504165	Trust: 0.3
url:	http://support.avaya.com/css/p8/documents/100091069	Trust: 0.3
url:	http://www.mozilla.org/security/announce/2010/mfsa2010-33.html	Trust: 0.3

sources: VULHUB: VHN-36039 // BID: 33276 // JVNDB: JVNDB-2009-001690 // CNNVD: CNNVD-200901-225 // NVD: CVE-2008-5914

CREDITS

Amit Klein

Trust: 0.3

sources: BID: 33276

SOURCES

db:	VULHUB	id:	VHN-36039
db:	BID	id:	33276
db:	JVNDB	id:	JVNDB-2009-001690
db:	CNNVD	id:	CNNVD-200901-225
db:	NVD	id:	CVE-2008-5914

LAST UPDATE DATE

2025-04-10T22:39:24.975000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-36039	date:	2009-01-23T00:00:00
db:	BID	id:	33276	date:	2016-07-05T22:01:00
db:	JVNDB	id:	JVNDB-2009-001690	date:	2009-07-08T00:00:00
db:	CNNVD	id:	CNNVD-200901-225	date:	2009-01-23T00:00:00
db:	NVD	id:	CVE-2008-5914	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-36039	date:	2009-01-20T00:00:00
db:	BID	id:	33276	date:	2009-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2009-001690	date:	2009-07-08T00:00:00
db:	CNNVD	id:	CNNVD-200901-225	date:	2009-01-20T00:00:00
db:	NVD	id:	CVE-2008-5914	date:	2009-01-20T16:30:00.390