RE: Apple Safari on MacOSX may reveal user's saved passwords

To: Bug traq list <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Apple Safari on MacOSX may reveal user's saved passwords
From: samelinux@xxxxxxxxx
Date: Tue, 15 May 2007 02:46:50 +0200 (CEST)
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:date:from:to:subject:in-reply-to:message-id:references:mime-version:content-type; b=I6rtN5IdhU07i5ekBWuq9OqHV66OSy4+qdeO9255N8aeq17C11Wz+VApZn6Bpga1LYV01dUkNqtEKeIMg8Cl47183yl5PlanfLyM4SzQBDVSKuVJ1na6fofj8C2D0Wz3b9DqxWAY4hOarZ1gmdMqvH/C8//Zm+TEb9qbfY4Mda4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:date:from:to:subject:in-reply-to:message-id:references:mime-version:content-type; b=STZ8lvnp1X9eZ6WBD2mDt2quK13usfKmO2gpPIip6IkcVwoRBXnE8zwgok7CV83B3E/HIAfwXus2iF4HZsUPrGcumAyi0bHh1EbXZTqbWHGreZLVChB09HoRV4ZjF/weLTDDyb4qeBI+uq4BipWt8OW/9Oe+DV6OPs+kdCk1hVA=
In-reply-to: <5328271.1179176636960.JavaMail.?@fh1036.dia.cp.net>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <5328271.1179176636960.JavaMail.?@fh1036.dia.cp.net>

It may be possible to exploit this if a user download and execute anapplescript, i think not directly from a website cause if from a websiteit would be an XSS, right?


--
Luchino - Samel
"Close the world,txen eht nepo!"
"Yuo will never break my mind!"

On Mon, 14 May 2007, mailbox@xxxxxxxxxxxxxx wrote:

It may be possible to exploit this by simply accessing a malicious
website, but I have not tested this.

Anyone willing to give it out a shot?

Thanks,
John Martinelli

redlevel security
redlevel.org - security training, consultation, and more.

References:
- RE: Apple Safari on MacOSX may reveal user's saved passwords
  - From: mailbox@xxxxxxxxxxxxxx

Prev by Date: Re: Defeating Citibank Virtual Keyboard protection using screenshot method
Next by Date: Re: RE: Apple Safari on MacOSX may reveal user's saved passwords
Previous by thread: RE: Apple Safari on MacOSX may reveal user's saved passwords
Next by thread: Re: RE: Apple Safari on MacOSX may reveal user's saved passwords
Index(es):
- Date
- Thread