4.3

CVE-2008-4216

The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."

Data is provided by the National Vulnerability Database (NVD)
AppleSafari Editionwindows
AppleSafari Version <= 3.1.2
AppleSafari Version0.8
AppleSafari Version0.9
AppleSafari Version1.0
AppleSafari Version1.0 Updatebeta
AppleSafari Version1.0 Updatebeta2
AppleSafari Version1.0.3
AppleSafari Version1.1
AppleSafari Version1.1.1
AppleSafari Version1.2
AppleSafari Version1.2.1
AppleSafari Version1.2.2
AppleSafari Version1.2.3
AppleSafari Version1.2.4
AppleSafari Version1.2.5
AppleSafari Version1.3
AppleSafari Version1.3.1
AppleSafari Version1.3.2
AppleSafari Version2
AppleSafari Version2.0
AppleSafari Version2.0.1
AppleSafari Version2.0.2
AppleSafari Version2.0.3
AppleSafari Version2.0.3_417.9.3
AppleSafari Version2.0.4
AppleSafari Version2.0.4_419.3
AppleSafari Version2.0_pre
AppleSafari Version3
AppleSafari Version3.0
AppleSafari Version3.0 Editionwindows
AppleSafari Version3.0.1
AppleSafari Version3.0.1 Editionwindows
AppleSafari Version3.0.2
AppleSafari Version3.0.2 Editionwindows
AppleSafari Version3.0.3
AppleSafari Version3.0.3 Editionwindows
AppleSafari Version3.0.4
AppleSafari Version3.0.4_beta
AppleSafari Version3.0.4_beta Editionwindows
AppleSafari Version3.1
AppleSafari Version3.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.64% 0.681
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.