The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.
References
Link | Resource |
---|---|
http://www.vupen.com/english/advisories/2009/1522 | Patch Vendor Advisory |
http://secunia.com/advisories/35379 | Vendor Advisory |
http://www.securityfocus.com/bid/35260 | Exploit Patch |
http://support.apple.com/kb/HT3613 | Patch Vendor Advisory |
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/35346 | |
http://osvdb.org/54997 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2009-06-10 11:00
Updated : 2009-06-18 22:32
NVD link : CVE-2009-1706
Mitre link : CVE-2009-1706
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
apple
- safari