Apple Safari for Windows Content and URLBar Spoofing Vulnerability

TITLE: Apple Safari for Windows Content and URLBar Spoofing Vulnerability
CLASS: Design Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 14 2007 12:00AM
UPDATE: Jun 14 2007 12:00AM
CREDIT: Robert Swiecki reported this issue.
VULNERABLE:

Apple Safari For Windows 3.0.1 Beta
NOT VULNERABLE:

Go to the original page on Security Focus

Discussion

Apple Safari 3.0.1 Beta for Windows is prone to a vulnerability that lets attackers spoof window titles and URL bars.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2 is reported vulnerable; other versions may also be affected.

Exploit

To exploit this issue, an attacker must entice an unsuspecting user to visit a maliciously crafted webpage.

The following URI demonstrates this issue:

http://alt.swiecki.net/saff.html

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
