Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-12-18 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Safari 3 Beta Update 3.0.4 Security Update

Published: 2007-12-18
Last Updated: 2007-12-18 15:20:22 UTC
by Joel Esler (Version: 1)
0 comment(s)

As we mentioned last night about the Apple Security Update, there is also an update for Safari 3 Beta.  Go here to get the newest version.

CVE-ID:  CVE-2007-5858

Impact:  Visiting a malicious website may result in the disclosure of sensitive information

Description: WebKit allows a page to navigate the subframes of any other page. Visiting a maliciously crafted web page could trigger a cross-site scripting attack, which may lead to the disclosure of sensitive information. This update addresses the issue by implementing a stricter frame navigation policy. (This issue is addressed for Mac OS X in Security Update 2007-009.)

(This is only for Windows XP and Windows Vista users, for Mac users this isn't an issue since it's rolled up in 2007-009)

Joel Esler

http://www.joelesler.net

Keywords:
0 comment(s)
Diary Archives