CVE-2023-40451
HIGH | Platform: Safari | Changelog
CVE Details
Description
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
- Apple Security Advisory
- NVD Entry
- http://seclists.org/fulldisclosure/2023/Oct/2 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2023/09/28/3 (Mailing List)
- https://security.gentoo.org/glsa/202401-33
- https://support.apple.com/en-us/HT213941 (Vendor Advisory)