<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Safari vulnerable to URL spoofing

Safari vulnerable to URL spoofing

From: Gilbert Verdian <gverdian_at_neoresearch.org>
Date: Mon, 1 Nov 2004 01:21:35 +1100

Following the discovery by Benjamin Tobias Franz for spoofing URLs in
IE by using tables within links.

http://www.packetstormsecurity.nl/0410-advisories/msieLink.txt

It is possible to spoof URLs under OS X in the latest Safari browser
1.2.3 (v125.9) by using the same method.
Ironically, this does not work with Internet Explorer on OS X version
5.2.3 (5815.1).

Tested on OS X 10.3.5 (build 7M34) with latest software update.

Further details and example at
http://www.neoresearch.org/[neo]safari_url_spoof.html

regards,

Gilbert Verdian
neoresearch.org
Received on Nov 02 2004

This message: [ Message body ]
Next message: Sune Kloppenborg Jeppesen: "[ GLSA 200411-02 ] Cherokee: Format string vulnerability"
Previous message: roozbeh afrasiabi: "Internet Explorer HTML Help Control ActiveX Cross Domain/Zone Scripting Vulnerabilities"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]