Focus on Apple
Apple Releases Safari 3 Beta Update 3.0.2
Jun 23 2007 12:59AM
Todd Woodward (todd_woodward symantec com)
No direct link to a Knowledge Base document on Apple's site.
Here is a short description:
In Safari Beta 3.0.1 for Windows, a timing issue allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated.
An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters.
An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution.
Security Response Researcher
Todd D. Woodward
Technical Support Engineer
Copyright 2010, SecurityFocus