• info
• discussion
• exploit
• solution
• references

Apple Safari 'safari-extension://' URL Handling Directory Traversal Vulnerability

Apple Safari is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows attackers to execute arbitrary script code which results in access of local files in the context of the installed safari extensions; this may aid in other attacks.

NOTE: This issue was previously covered in BID 50089 (Apple Safari Prior to 5.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it.