Secunia Advisory SA39670
Apple Safari Information Disclosure and Code Execution
Description
A vulnerability and a security issue have been discovered in Apple Safari, which may lead to exposure of sensitive information or can be exploited by malicious people to compromise a user's system.

1) A use-after-free error when handling pop-up boxes created from a child window can be exploited to execute arbitrary code when a user visits a specially crafted web page.

2) Safari includes HTTP basic authentication credentials in an HTTP request if a web page that requires HTTP basic authentication redirects to a different domain (e.g. via a "Location" header).

The vulnerability and the security issue are confirmed in version 4.0.5 for Windows. Other versions may also be affected.
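The client-side check whose absence issue 2 describes, as an added example (not Secunia's or Apple's code): an HTTP client following a redirect should carry the Authorization header over only when the target stays on the same origin. The function names, the example hosts and the choice to compare scheme, host and port (stricter than the advisory's "different domain") are assumptions made here.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def headers_for_redirect(request_url, request_headers, location):
    """Build the follow-up request for a 3xx response.

    Returns (target_url, headers). The Authorization header is kept only
    when the redirect target has the same origin as the original request;
    the caller's header dict is never modified.
    """
    # A Location value may be relative, so resolve it against the request URL.
    target = urljoin(request_url, location)
    headers = dict(request_headers)
    if origin(target) != origin(request_url):
        # Header names are case-insensitive, so match on the lowered name.
        for name in list(headers):
            if name.lower() == "authorization":
                del headers[name]
    return target, headers


if __name__ == "__main__":
    # Constructed sample request: hosts and credentials are placeholders.
    sent = {"Authorization": "Basic dXNlcjpwYXNz", "Accept": "*/*"}
    for loc in ("/private/index.html", "https://other.example/landing"):
        url, hdrs = headers_for_redirect("https://app.example/private/", sent, loc)
        print(url, "->", sorted(hdrs))
```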