Apple Safari WebCore 'document.domain' Variant Cross-Site Scripting Vulnerability

Apple Safari WebCore 'document.domain' Variant Cross-Site Scripting Vulnerability

Apple Safari is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal potentially sensitive information and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X 10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.