Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Apple Safari: cookie stealing
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Wed, 13 Jun 2007 10:37:33 -0400

curl 7.15.1 compiled from source on RHEL 4 is not affected. Can 
anyone else confirm?

J

On Wed, 13 Jun 2007 06:34:42 -0400 Robert Swiecki 
<jagger () swiecki net> wrote:
There is a vulnerability in Apple Safari, that allows an attacker 
to
steal a cookie belonging to the arbitrary domain or/and fill the 
browser
window with an arbitrary content, whereas the url bar and the 
browser's
window title is derived from the selected domain.

The flaw exists in the javascript's window.setTimeout() 
implementation.
The content of the timer-triggered function is processed after
window.location property is changed.

Tested with Apple Safari 3.0 (522.11.3) on MS Windows 2003 SE SP2

http://alt.swiecki.net/safc.html

-- 
Robert Swiecki
http://www.swiecki.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

--
Click to become an artist and quit your boring job
http://tagline.hushmail.com/fc/CAaCXv1P278gujyHrPaciXl9iz0Jg7XU/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault