• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apple Safari Cross-Domain Race Condition Information Disclosure Vulnerability

Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions.

Exploiting this issue may allow attackers to access locations that a user visits, even if those locations are in a different domain than the attacker's site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks.

This issue affects versions prior to Safari 3 Beta Update 3.0.2