Unrated severityNVD Advisory· Published Dec 10, 2014· Updated Jun 17, 2026
CVE-2014-4465
CVE-2014-4465
Description
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=6.2.0
- cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
- (no CPE)range: <6.2.1 (OS X), <7.1.1 (OS X), <8.0.1 (OS X)
Patches
Vulnerability mechanics
References
6- lists.apple.com/archives/security-announce/2014/Dec/msg00000.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Jan/msg00000.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Jan/msg00001.htmlnvdVendor Advisory
- support.apple.com/HT204245nvdVendor Advisory
- support.apple.com/HT204246nvdVendor Advisory
- support.apple.com/kb/HT6596nvdVendor Advisory
News mentions
0No linked articles in our index yet.