<<< Date Index >>>     <<< Thread Index >>>

Local Denial of Service in Safari



Vulnerability at locally viewing files with the reference to document.location 
parameter leads to failure of a browser. In consequence of that there is a 
service crash. 

Tested on:

Safari 3.0.1 (522.12.2) &#1054;S Windows XP SP2
Safari 3.0   (522.11.3) &#1054;S Windows XP SP2

Example that can be injected in web-page: 

<script type='text/javascript'>
document.location = '';
</script>