Full Disclosure mailing list archives
Re: Apple Safari: urlbar/window title spoofing
From: Robert Swiecki <jagger () swiecki net>
Date: Fri, 15 Jun 2007 01:31:39 +0200
There is a vulnerability in Apple Safari...
Here's another one. With a specially crafted web page, an attacker can fill the client browser window with an arbitrary content, whereas window title and the content of the urlbar are freely settable. Tested with shiny, new, patched Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2. http://alt.swiecki.net/saff.html -- Robert Swiecki http://www.swiecki.net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Apple Safari: cookie stealing Robert Swiecki (Jun 13)
- Re: Apple Safari: cookie stealing Michal Zalewski (Jun 13)
- Re: Apple Safari: urlbar/window title spoofing Robert Swiecki (Jun 14)
- Re: Apple Safari: urlbar/window title spoofing Mark Senior (Jun 15)
- Re: Apple Safari: idn urlbar spoofing Robert Swiecki (Jun 25)
- Re: Apple Safari: idn urlbar spoofing Larry Seltzer (Jun 25)
- Re: Apple Safari: idn urlbar spoofing Michal Zalewski (Jun 25)
- Re: Apple Safari: idn urlbar spoofing Robert Swiecki (Jun 27)
- <Possible follow-ups>
- Re: Apple Safari: cookie stealing Joey Mengele (Jun 13)