Sign-up

ID

VAR-201207-0486


CVE

CVE-2012-0678


TITLE

Apple Safari 6.0 Cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-003308

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects Apple Safari versions prior to 6.0. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems

Trust: 1.98

sources: NVD: CVE-2012-0678 // JVNDB: JVNDB-2012-003308 // BID: 54683 // VULHUB: VHN-53959

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 1.9

vendor:applemodel:safariscope:eqversion:5.1.6

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.0

vendor:applemodel:safariscope:lteversion:5.1.7

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.9

vendor:applemodel:safariscope:eqversion:5.1.7 before (windows)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:6.0 (mac os)

Trust: 0.8

vendor:applemodel:safari for windowsscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

sources: BID: 54683 // JVNDB: JVNDB-2012-003308 // CNNVD: CNNVD-201207-448 // NVD: CVE-2012-0678

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0678
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-0678
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201207-448
value: MEDIUM

Trust: 0.6

VULHUB: VHN-53959
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-0678
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-53959
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-53959 // JVNDB: JVNDB-2012-003308 // CNNVD: CNNVD-201207-448 // NVD: CVE-2012-0678

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-53959 // JVNDB: JVNDB-2012-003308 // NVD: CVE-2012-0678

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-448

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201207-448

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003308

PATCH
title:APPLE-SA-2012-07-25-1url:http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
Trust: 0.8
title:HT5400url:http://support.apple.com/kb/HT5400
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003308

EXTERNAL IDS
db:NVDid:CVE-2012-0678
Trust: 2.8
db:JVNDBid:JVNDB-2012-003308
Trust: 0.8
db:CNNVDid:CNNVD-201207-448
Trust: 0.7
db:APPLEid:APPLE-SA-2012-07-25-1
Trust: 0.6
db:NSFOCUSid:20170
Trust: 0.6
db:NSFOCUSid:20147
Trust: 0.6
db:BIDid:54683
Trust: 0.4
db:SEEBUGid:SSVID-60298
Trust: 0.1
db:VULHUBid:VHN-53959
Trust: 0.1
sources:
            
            
            VULHUB: VHN-53959 // 
            
            
            
            BID: 54683 // 
            
            
            
            JVNDB: JVNDB-2012-003308 // 
            
            
            
            CNNVD: CNNVD-201207-448 // 
            
            
            
            NVD: CVE-2012-0678

REFERENCES
url:http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html
Trust: 1.7
url:http://support.apple.com/kb/ht5400
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0678
Trust: 0.8
url:http://jvn.jp/cert/jvnvu864819
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0678
Trust: 0.8
url:http://masatokinugawa.l0.cm/2012/11/safari-feed-url-uxss.html
Trust: 0.8
url:http://www.nsfocus.net/vulndb/20170
Trust: 0.6
url:http://www.nsfocus.net/vulndb/20147
Trust: 0.6
url:http://www.apple.com/safari/download/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-53959 // 
            
            
            
            BID: 54683 // 
            
            
            
            JVNDB: JVNDB-2012-003308 // 
            
            
            
            CNNVD: CNNVD-201207-448 // 
            
            
            
            NVD: CVE-2012-0678

CREDITS
Masato Kinugawa
Trust: 0.3
sources:
            
            
            BID: 54683

SOURCES
db:VULHUBid:VHN-53959
db:BIDid:54683
db:JVNDBid:JVNDB-2012-003308
db:CNNVDid:CNNVD-201207-448
db:NVDid:CVE-2012-0678

LAST UPDATE DATE
2025-04-11T21:04:52.560000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-53959date:2012-08-08T00:00:00
db:BIDid:54683date:2012-07-26T16:31:00
db:JVNDBid:JVNDB-2012-003308date:2012-11-27T00:00:00
db:CNNVDid:CNNVD-201207-448date:2012-07-26T00:00:00
db:NVDid:CVE-2012-0678date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-53959date:2012-07-25T00:00:00
db:BIDid:54683date:2012-07-25T00:00:00
db:JVNDBid:JVNDB-2012-003308date:2012-07-27T00:00:00
db:CNNVDid:CNNVD-201207-448date:2012-07-26T00:00:00
db:NVDid:CVE-2012-0678date:2012-07-25T19:55:01.867