Unrated severityNVD Advisory· Published Jun 25, 2007· Updated Apr 23, 2026

CVE-2007-2400

Description

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

Affected products

Apple Inc./Safari2 versions
cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/Security-announce/2007/Jun/msg00004.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/24599nvdPatch
www.securitytracker.com/idnvdPatch
docs.info.apple.com/article.htmlnvdVendor Advisory
secunia.com/advisories/26287nvdVendor Advisory
www.vupen.com/english/advisories/2007/2316nvdVendor Advisory
www.vupen.com/english/advisories/2007/2731nvdVendor Advisory
www.kb.cert.org/vuls/id/289988nvdUS Government Resource
osvdb.org/36452nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000