SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
Category:   Application (Web Browser)  >   Apple Safari
Vendors:   Apple Computer
Safari SubFrame Navigation and RSS Feed URL Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Execute Arbitrary Code
SecurityTracker Alert ID:  1019108
SecurityTracker URL:  http://securitytracker.com/id/1019108
CVE Reference:   CVE-2007-5858, CVE-2007-5859   (Links to External Site)
Updated:  Dec 22 2007
Original Entry Date:  Dec 18 2007
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.4
Description:   Two vulnerabilities were reported in Safari. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks.

A remote user can create a specially crafted HTML page that, when loaded by the target user, will cause WebKit to navigate the subframes of any other page and execute arbitrary scripting code in the context of those pages [CVE-2007-5858]. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
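The following is an added example, not WebKit or Apple code, that models the frame-navigation behaviour described above so the pre-fix and post-fix policies can be compared side by side. The advisory only says the fix is "a stricter frame navigation policy"; the descendant policy used here as the stricter one, and the frame names and origins in the scenario, are assumptions for illustration.

```javascript
// Added example (not WebKit/Apple code): model two frame-navigation policies.
// A frame is {name, origin, parent, children, url}; windows are separate trees.

function makeFrame(name, origin, parent = null) {
  const frame = { name, origin, parent, children: [], url: origin + "/" };
  if (parent) parent.children.push(frame);
  return frame;
}

// Permissive policy: any frame may navigate any other frame, including a
// frame in a different window. This is the behaviour the advisory reports.
function permissiveAllows(source, target) {
  return true;
}

// Descendant policy (assumed here as the stricter policy): a frame may
// navigate itself, or any frame that has an ancestor with the same origin as
// the source. A page keeps control of its own subframes, while an unrelated
// page or a third-party subframe cannot reach them.
function descendantAllows(source, target) {
  if (source === target) return true;
  for (let f = target.parent; f !== null; f = f.parent) {
    if (f.origin === source.origin) return true;
  }
  return false;
}

// Attempt a navigation under a policy. Returns true if the target's URL was
// changed, false if the policy blocked it.
function navigate(policy, source, target, url) {
  if (!policy(source, target)) return false;
  target.url = url;
  return true;
}

// Constructed scenario: attacker page in one window; victim page in another
// window with a same-origin "account" subframe and a third-party "ad" subframe.
function buildScenario() {
  const attackerTop = makeFrame("attacker-top", "https://evil.example");
  const victimTop = makeFrame("victim-top", "https://bank.example");
  const account = makeFrame("account", "https://bank.example", victimTop);
  const ad = makeFrame("ad", "https://ads.example", victimTop);
  const adInner = makeFrame("ad-inner", "https://ads.example", ad);
  return { attackerTop, victimTop, account, ad, adInner };
}

// Decision table for both policies over the interesting source/target pairs.
function comparePolicies() {
  const s = buildScenario();
  const cases = [
    ["attacker-top -> account", s.attackerTop, s.account],
    ["victim-top -> account", s.victimTop, s.account],
    ["ad -> account", s.ad, s.account],
    ["ad -> ad-inner", s.ad, s.adInner],
  ];
  return cases.map(([label, src, dst]) => ({
    label,
    permissive: permissiveAllows(src, dst),
    descendant: descendantAllows(src, dst),
  }));
}

// The attacker's page tries to rewrite the victim's "account" subframe under
// each policy; only the permissive policy lets the URL change.
function demo() {
  const target = "https://evil.example/fake-login";
  const s1 = buildScenario();
  const permissiveResult = navigate(permissiveAllows, s1.attackerTop, s1.account, target);
  const s2 = buildScenario();
  const descendantResult = navigate(descendantAllows, s2.attackerTop, s2.account, target);
  return {
    permissiveResult,
    accountUrlAfterPermissive: s1.account.url,
    descendantResult,
    accountUrlAfterDescendant: s2.account.url,
  };
}

console.table(comparePolicies());
console.log(demo());
```

The table shows the property the fix needs: the victim's top-level page can still navigate its own subframes, and the third-party ad frame can still navigate its own child, but neither the ad frame nor a page in another window can retarget the victim's same-origin subframe.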

A remote user can create a specially crafted RSS feed that, when loaded by the target user, will execute arbitrary code on the target user's system [CVE-2007-5859]. Mac OS X versions 10.5 and later are not affected.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the affected site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user can cause arbitrary code to be executed on the target user's system.

Solution:   The vendor has issued a fix (APPLE-SA-2007-12-17 Security Update 2007-009 v1.1), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.5.1
The download file is named: "SecUpd2007-009.dmg"
Its SHA-1 digest is: 0ba35ef30a525792f1d4015395997b42f524dd38

For Mac OS X v10.4.11 (Universal)
The download file is named: "SecUpd2007-009Univ.dmg"
Its SHA-1 digest is: 49f52d4f647ea4a1fabef34cccac263bfd03791a

For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2007-009Ti.dmg"
Its SHA-1 digest is: d1c5c4bc23267dd846bb96e7be69b084579c1bba

The vendor has also issued Safari 3 Beta 3.0.4 Security Update v1.1 (for Windows) to correct CVE-2007-5858, available via the Apple Software Update application, or Apple's Safari download site at:

http://www.apple.com/safari/download/

Safari for Windows XP or Vista
The download file is named: "Safari304BetaSecUpdateSetup.exe"
Its SHA-1 digest is: 44d788791fb060a97cdc9d09d9973919b181cc35

Safari+QuickTime for Windows XP or Vista
The file is named: "Safari304BetaSecUpdateQuickTimeSetup.exe"
Its SHA-1 digest is: 17ad827789d11bb3c4407a68beb6df942bfa7382

The Apple advisories are available at:

http://docs.info.apple.com/article.html?artnum=307178
http://docs.info.apple.com/article.html?artnum=307179
http://docs.info.apple.com/article.html?artnum=307224
http://docs.info.apple.com/article.html?artnum=307225

[Editor's note: The original security update 2007-009 and Safari 3 Beta 3.0.4 Security Update issued on December 17, 2007 contained a performance issue that may cause Safari to crash. On December 21, 2007, Apple issued the revised security update 2007-009 v1.1 and Safari 3 Beta 3.0.4 Security Update v1.1. Customers should apply the new update.]

Vendor URL:  docs.info.apple.com/article.html?artnum=307179 (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:   UNIX (OS X), Windows (Vista), Windows (XP)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 16 2008 (Apple Issues Fix for iPhone and iPod touch) Safari SubFrame Navigation and RSS Feed URL Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Execute Arbitrary Code   (Apple Product Security <product-security-noreply@lists.apple.com>)
Apple has issued a fix for iPhone and iPod touch.



 Source Message Contents

Date:  Tue, 18 Dec 2007 00:32:48 -0500
Subject:  Safari


APPLE-SA-2007-12-17 Security Update 2007-009

Safari
CVE-ID:  CVE-2007-5858
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.1, Mac OS X Server v10.5.1
Impact:  Visiting a malicious website may result in the disclosure of
sensitive information
Description:  WebKit allows a page to navigate the subframes of any
other page. Visiting a maliciously crafted web page could trigger a
cross-site scripting attack, which may lead to the disclosure of
sensitive information. This update addresses the issue by
implementing a stricter frame navigation policy.

Safari RSS
CVE-ID:  CVE-2007-5859
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact:  Accessing a maliciously crafted feed: URL may lead to an
application termination or arbitrary code execution
Description:  A memory corruption issue exists in Safari's handling
of feed: URLs. By enticing a user to access a maliciously crafted
URL, an attacker may cause an unexpected application termination or
arbitrary code execution. This update addresses the issue by
performing additional validation of feed: URLs and providing an error
message in case of an invalid URL. This issue does not affect systems
running Mac OS X 10.5 or later.

Copyright 2014, SecurityGlobal.net LLC