Re: [Full-disclosure] Apple Safari: cookie stealing
- To: <bugtraq@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, <jagger@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Apple Safari: cookie stealing
- From: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
- Date: Wed, 13 Jun 2007 10:37:33 -0400
curl 7.15.1 compiled from source on RHEL 4 is not affected. Can
anyone else confirm?
J
On Wed, 13 Jun 2007 06:34:42 -0400 Robert Swiecki
<jagger@xxxxxxxxxxx> wrote:
>There is a vulnerability in Apple Safari that allows an attacker to
>steal a cookie belonging to an arbitrary domain and/or fill the browser
>window with arbitrary content, whereas the URL bar and the browser's
>window title are derived from the selected domain.
>
>The flaw exists in JavaScript's window.setTimeout() implementation.
>The content of the timer-triggered function is processed after the
>window.location property is changed.
>
>Tested with Apple Safari 3.0 (522.11.3) on MS Windows 2003 SE SP2
>
>http://alt.swiecki.net/safc.html
>
>--
>Robert Swiecki
>http://www.swiecki.net
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/