Safari vulnerable to URL spoofing

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Safari vulnerable to URL spoofing
From: Gilbert Verdian <gverdian@xxxxxxxxxxxxxxx>
Date: Mon, 1 Nov 2004 01:21:35 +1100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Following the discovery by Benjamin Tobias Franz for spoofing URLs inIE by using tables within links.


http://www.packetstormsecurity.nl/0410-advisories/msieLink.txt

It is possible to spoof URLs under OS X in the latest Safari browser1.2.3 (v125.9) by using the same method.Ironically, this does not work with Internet Explorer on OS X version5.2.3 (5815.1).


Tested on OS X 10.3.5 (build 7M34) with latest software update.

Further details and example athttp://www.neoresearch.org/[neo]safari_url_spoof.html


regards,

Gilbert Verdian
neoresearch.org

Prev by Date: [OpenPKG-SA-2004.049] OpenPKG Security Advisory (gd)
Next by Date: Internet Explorer HTML Help Control ActiveX Cross Domain/Zone Scripting Vulnerabilities
Previous by thread: [OpenPKG-SA-2004.049] OpenPKG Security Advisory (gd)
Next by thread: Internet Explorer HTML Help Control ActiveX Cross Domain/Zone Scripting Vulnerabilities
Index(es):
- Date
- Thread