SecurityTracker.com

Category:   Application (Web Browser)  >   Apple Safari
Vendors:   Apple
Apple Safari Bug in PubSub May Let Remote Feeds Bypass the Cookie Blocking Mechanism
SecurityTracker Alert ID:  1023707
SecurityTracker URL:  http://securitytracker.com/id/1023707
CVE Reference:   CVE-2010-0044
Updated:  Mar 12 2010
Original Entry Date:  Mar 12 2010
Impact:   Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 4.0.5
Description:   A vulnerability was reported in Apple Safari. A remote user can bypass the cookie blocking mechanism.

A remote user can create a specially crafted RSS or Atom feed that, when loaded by the target user, will cause a cookie to be set even if the browser is configured to block cookies via the "Accept Cookies" preference.

Impact:   A remote user can create a specially crafted RSS or Atom feed that, when loaded by the target user, will bypass the cookie blocking mechanism and cause a cookie to be set.
Solution:   The vendor has issued a fix (4.0.5), available via the Apple Software Update application, or Apple's Safari download site at:

http://www.apple.com/safari/download/

Safari for Mac OS X v10.6.1 to v10.6.3
The download file is named: Safari4.0.5SnowLeopard.dmg
Its SHA-1 digest is: b1b0c3510acf7144a6358b6e5667fb43aaa8a6b9

Safari for Mac OS X v10.5.7
The download file is named: Safari4.0.5Leopard.dmg
Its SHA-1 digest is: 1eccb97a78bac15277702642ed1330ad359205f7

Safari for Mac OS X v10.4.11
The download file is named: Safari4.0.5Tiger.dmg
Its SHA-1 digest is: 9f042b71a08d9c4be7f2dffa3de46622722893e4

Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 8715db0cee7db82a91bb408e500d255c5d0cfe7c

Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: a25377f0febdb702dff1aac5475b113670fd0444

Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 0109adc77d5814f39bb47348df1d3280f30fd397

The vendor's advisory will be available at:

http://support.apple.com/kb/HT4070

Vendor URL:  support.apple.com/kb/HT4070
Cause:   Access control error
Underlying OS:  UNIX (OS X), Windows (7), Windows (Vista), Windows (XP)

Message History:   None.


Copyright 2016, SecurityGlobal.net LLC