Another flaw within Safari 3.0 for Windows beta

Researcher finds a basic cookie-handling error that could compromise Windows PCs.

Security researcher Robert Swiecki disclosed yesterday another vulnerability within the new Safari 3.0 for Windows beta, bringing the total of public vulnerabilities to nine . The latest flaw allows an attacker to steal a cookie. The flaw exists in the Javascript's window.setTimeout()implementation where the content timer-triggered function is processed after window.location property is changed.

In response to other Safari 3.0 vulnerabilities, Apple today released an updated version that addresses three of the nine public vulnerabilities.

 

ARTICLE DISCUSSION

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

CNET's giving away a 3D printer

Enter for a chance to win* the Makerbot Replicator 3D Printer and all the supplies you need to get started.