<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Full Disclosure: Re: Apple Safari: urlbar/window title spoofing

Re: Apple Safari: urlbar/window title spoofing

From: Robert Swiecki <jagger_at_swiecki.net>
Date: Fri, 15 Jun 2007 01:31:39 +0200

> There is a vulnerability in Apple Safari...

Here's another one. With a specially crafted web page, an attacker can
fill the client browser window with an arbitrary content, whereas window
title and the content of the urlbar are freely settable.

Tested with shiny, new, patched Safari 3.0.1 (522.12.12) on Windows 2003
SE SP2.

http://alt.swiecki.net/saff.html

-- 
Robert Swiecki
http://www.swiecki.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Received on Jun 14 2007

This message: [ Message body ]
Next message: Nikolay Kichukov: "Re: Paper: Secure file upload in PHP web applications"
Previous message: security_at_mandriva.com: "[ MDKSA-2007:125 ] - Updated spamassassin packages fix possible DoS condition"
In reply to: Robert Swiecki: "Apple Safari: cookie stealing"
Next in thread: Mark Senior: "Re: Apple Safari: urlbar/window title spoofing"
Reply: Mark Senior: "Re: Apple Safari: urlbar/window title spoofing"
Reply: Robert Swiecki: "Re: Apple Safari: idn urlbar spoofing"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]