Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Apple Safari: urlbar/window title spoofing
From: "Mark Senior" <senatorfrog () gmail com>
Date: Fri, 15 Jun 2007 08:07:39 -0600

Tested on OS X; Safari 2.0.4, OmniWeb 5.5.4, and Camino 1.0.3 all have
different behaviours, but none is vulnerable.

Cheers
Mark

On 6/14/07, Robert Swiecki wrote:

There is a vulnerability in Apple Safari...

Here's another one. With a specially crafted web page, an attacker can
fill the client browser window with an arbitrary content, whereas window
title and the content of the urlbar are freely settable.

Tested with shiny, new, patched Safari 3.0.1 (522.12.12) on Windows 2003
SE SP2.

http://alt.swiecki.net/saff.html


--
Robert Swiecki
http://www.swiecki.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]