CVE-2015-3754 Information

Description

The private-browsing implementation in WebKit in Apple Safari before 6.2.8 7.x before 7.1.8 and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials which makes it easier for remote attackers to track users via a crafted web site.

Reference

http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://www.securityfocus.com/bid/76339 http://www.securitytracker.com/id/1033274 https://support.apple.com/kb/HT205033