Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: Safari 3 Beta Update 3.0.4 Security Update SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Safari 3 Beta Update 3.0.4 Security Update

As we mentioned last night about the Apple Security Update, there is also an update for Safari 3 Beta.  Go here to get the newest version.

CVE-ID:  CVE-2007-5858

Impact:  Visiting a malicious website may result in the disclosure of sensitive information

Description: WebKit allows a page to navigate the subframes of any other page. Visiting a maliciously crafted web page could trigger a cross-site scripting attack, which may lead to the disclosure of sensitive information. This update addresses the issue by implementing a stricter frame navigation policy. (This issue is addressed for Mac OS X in Security Update 2007-009.)

(This is only for Windows XP and Windows Vista users, for Mac users this isn't an issue since it's rolled up in 2007-009)

Joel Esler


454 Posts
Dec 18th 2007

Sign Up for Free or Log In to start participating in the conversation!