CVE-2008-1006

N/A Unknown

Published: March 19, 2008 Modified: April 23, 2026

Description

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://docs.info.apple.com/article.html?artnum=307563

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html

Source: cve@mitre.org

Patch

http://secunia.com/advisories/29393

Source: cve@mitre.org

http://www.securityfocus.com/bid/28290

Source: cve@mitre.org

http://www.securityfocus.com/bid/28332

Source: cve@mitre.org

http://www.securitytracker.com/id?1019653

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA08-079A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2008/0920/references

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/41326

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307563