info
discussion
exploit
solution
references
Apple Safari 'safari-extension://' URL Handling Directory Traversal Vulnerability
References:
CVE-2011-3229 - Steal files and inject js in Safari Extensions
(Aaron Sigel of vtty.com)
Safari Homepage
(Apple)
Walkthrough of Safari Extension PoC
(Aaron Sigel of vtty.com)
Privacy Statement
Copyright 2010, SecurityFocus