Apple Safari for Windows Window.setTimeout Content Spoofing Vulnerability

Apple Safari for Windows Window.setTimeout Content Spoofing Vulnerability

Apple Safari 3 Beta for Windows is prone to a content-spoofing vulnerability that allows attackers to steal browser cookie data or to populate a vulnerable Safari browser window with arbitrary malicious content. During such an attack, the originating URL and window title reportedly still display the originating domain rather than the attacking domain.

This issue affects Safari 3.0 (522.11.3) on Windows 2003 SE SP2 and Windows XP SP2.

NOTE: Apple has released Safari 3.0.1 Beta for Windows.