|
 |
|
Apple Safari Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA29393
|
|
|
Release Date:
|
2008-03-19
|
|
Last Update:
|
2008-03-20
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Safari 2.x
Safari 3.x
|
| | CVE reference: | CVE-2008-1002 (Secunia mirror)
CVE-2008-1003 (Secunia mirror)
CVE-2008-1004 (Secunia mirror)
CVE-2008-1005 (Secunia mirror)
CVE-2008-1006 (Secunia mirror)
CVE-2008-1007 (Secunia mirror)
CVE-2008-1008 (Secunia mirror)
CVE-2008-1009 (Secunia mirror)
CVE-2008-1010 (Secunia mirror)
CVE-2008-1011 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to compromise a vulnerable system.
1) An error in the processing of "javascript:" URLs can be exploited to execute arbitrary HTML and script code in context of another site via a specially crafted web page.
2) An error exists the handling of web pages that have explicitly set the document.domain property. This can be exploited to conduct cross-site scripting attacks in sites that set the document.domain property or between HTTP and HTTPS sites with the same document.domain.
3) An error in Web Inspector can be exploited to inject script code that will run in other domains and can read the user's file system when a specially crafted page is inspected.
4) A security issue exists with the Kotoeri input method, which can result in exposing the password field on the display when reverse conversion is requested.
5) An error within the handling of the "window.open()" function can be used to change the security context of a web page to the caller's context. This can be exploited to execute arbitrary script code in the user's security context via a specially crafted web page.
6) The frame navigation policy is not enforced for Java applets. This can be exploited to conduct cross-site scripting attacks using java and to gain escalated privileges by enticing a user to open a specially crafted web page.
7) An unspecified error in the handling of the document.domain property can be exploited to conduct cross-site scripting attacks when a user visits a specially crafted web page.
8) An error exists in the handling of the history object. This can be exploited to inject javascript code that will run in the context of other frames.
9) A boundary error exists in the handling of javascript regular expressions, which can be exploited to cause a buffer overflow via a specially crafted web page.
Successful exploitation allows execution of arbitrary code.
10) An error in WebKit allows method instances from one frame to be called in the context of another frame. This can be exploited to conduct cross-site scripting attacks.
The vulnerabilities are reported in Safari prior to version 3.1.
Solution:
Update to version 3.1.
Provided and/or discovered by:
1) Robert Swiecki of Google Information Security Team.
2, 3, 5, 6) Adam Barth and Collin Jackson of Stanford University.
9) Eric Seidel of the WebKit Open Source Project, and Tavis Ormandy and Will Drewry of Google Security Team.
10) David Bloom
Changelog:
2008-03-20: Updated credits. Added link to US-CERT.
Original Advisory:
Apple:
http://docs.info.apple.com/article.html?artnum=307563
Other References:
US-CERT VU#766019:
http://www.kb.cert.org/vuls/id/766019
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
8 Related Secunia Security Advisories
|
|
|
1. Safari Address Bar URL Spoofing Security Issue
|
|
2. Safari Multiple Vulnerabilities
|
|
3. Safari HTML Parsing Weakness and URL Information Disclosure
|
|
4. Safari AutoFill Information Disclosure
|
|
5. Safari "rowspan" Attribute Denial of Service Vulnerability
|
|
6. Safari Image Control Status Bar Spoofing Weakness
|
|
7. Safari "data:" URI Handler Denial of Service Weakness
|
|
8. Safari Dialog Origin Spoofing Vulnerability
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
