Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Safari 3 Beta Update 3.0.4 Security Update - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Safari 3 Beta Update 3.0.4 Security Update

As we mentioned last night about the Apple Security Update, there is also an update for Safari 3 Beta.  Go here to get the newest version.

CVE-ID:  CVE-2007-5858

Impact:  Visiting a malicious website may result in the disclosure of sensitive information

Description: WebKit allows a page to navigate the subframes of any other page. Visiting a maliciously crafted web page could trigger a cross-site scripting attack, which may lead to the disclosure of sensitive information. This update addresses the issue by implementing a stricter frame navigation policy. (This issue is addressed for Mac OS X in Security Update 2007-009.)

(This is only for Windows XP and Windows Vista users, for Mac users this isn't an issue since it's rolled up in 2007-009)

Joel Esler

http://www.joelesler.net

Joel

454 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!