Apple Safari setInterval() Bug Lets Remote Users Spoof the Address Bar
|
SecurityTracker Alert ID: 1026775 |
SecurityTracker URL: http://securitytracker.com/id/1026775
|
CVE Reference: CVE-2011-3844
|
Date: Mar 9 2012
|
Impact:
Modification of system information
|
Fix Available: Yes
|
Version(s): 5.0.5 (7533.21.1); possibly other versions
|
Description:
A vulnerability was reported in Apple Safari. A remote user can determine the installation path.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a flaw in the setInterval() function and spoof the address bar display.
Krystian Kloskowski (h07) reported this vulnerability via Secunia.
|
Impact:
A remote user can spoof the address bar URL.
|
Solution:
The vendor has issued a partial fix (5.1.2 (7534.52.7)).
|
Vendor URL: www.apple.com/
|
Cause:
Input validation error
|
Underlying OS: UNIX (macOS/OS X), Windows (7), Windows (Vista), Windows (XP)