Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing
From: Robert Swiecki <jagger@xxxxxxxxxxx>
Date: Fri, 15 Jun 2007 01:31:39 +0200
In-reply-to: <466FC842.1070404@xxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <466FC842.1070404@xxxxxxxxxxx>
User-agent: Thunderbird Mnenhy/0.7.5.0

> There is a vulnerability in Apple Safari...

Here's another one. With a specially crafted web page, an attacker can
fill the client browser window with an arbitrary content, whereas window
title and the content of the urlbar are freely settable.

Tested with shiny, new, patched Safari 3.0.1 (522.12.12) on Windows 2003
SE SP2.

http://alt.swiecki.net/saff.html

-- 
Robert Swiecki
http://www.swiecki.net

Follow-Ups:
- Re: Apple Safari: idn urlbar spoofing
  - From: Robert Swiecki
- Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing
  - From: Mark Senior

References:
- Apple Safari: cookie stealing
  - From: Robert Swiecki

Prev by Date: Re: [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue
Next by Date: Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability
Previous by thread: Re: [Full-disclosure] Apple Safari: cookie stealing
Next by thread: Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing
Index(es):
- Date
- Thread