Apple Safari Cross-Domain Browser Location Information Disclosure Vulnerability

Apple Safari Cross-Domain Browser Location Information Disclosure Vulnerability

Attackers use standard HTML design utilities and webserver applications to exploit this issue.

A proof-of-concept example by Gareth Heyes is available at the following location where a browser can be tested for this weakness.

Proof of Concept: http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html

The JavaScript code for this example is available:

/data/vulnerabilities/exploits/snoop.js