Bugtraq mailing list archives

Re: [Full-disclosure] Apple Safari: cookie stealing

From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Wed, 13 Jun 2007 16:46:59 +0200 (CEST)

On Wed, 13 Jun 2007, Robert Swiecki wrote:

The flaw exists in the javascript's window.setTimeout() implementation.


Forgive me the rant, but... all other recently reported problems aside,
seeing this, I can only ask - which rock did Safari developers hide under
for the past 8 years or so?

I mean... this is the type of a flaw you probably no longer even to test
for because it seems too obvious - 'ping -l 65510' of the browser world...

/mz

Current thread:

Apple Safari: cookie stealing Robert Swiecki (Jun 13)
- Re: [Full-disclosure] Apple Safari: cookie stealing Michal Zalewski (Jun 13)
- Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing Robert Swiecki (Jun 15)
  - Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing Mark Senior (Jun 15)
  - Re: Apple Safari: idn urlbar spoofing Robert Swiecki (Jun 25)
    - RE: [Full-disclosure] Apple Safari: idn urlbar spoofing Larry Seltzer (Jun 25)
    - Re: [Full-disclosure] Apple Safari: idn urlbar spoofing Michal Zalewski (Jun 25)
    - Re: Apple Safari: idn urlbar spoofing Robert Swiecki (Jun 27)