
Image Spoofing Vulnerability affects Safari

CNET staff

Secure OS X has determined that an image spoofing vulnerability originally identified in the Opera Web browser also affects the latest version of Safari, v416.12, running in Mac OS X 10.4.x.

The problem, originally discovered by Secunia, is that the browser fails to show the correct URL in the status bar if an image control with a "title" attribute has been enclosed in a hyperlink and uses a form to specify the destination URL. This may cause a user to follow a link to a seemingly trusted website when in fact the browser opens a malicious website.
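For anyone reviewing page markup for this pattern, the following is an added example (not code from Secunia, Secure OS X or the original article) that flags an image-type input with a `title` attribute nested inside both a hyperlink and a form whose action points at a different host. It assumes the status bar shows the link's `href` while the click submits the form; the class name, function name and sample hosts are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample markup; hosts are placeholders, not from the advisory.
SAMPLE = """
<form action="http://untrusted.example/landing">
  <a href="http://trusted.example/"><input type="image" src="logo.png" title="http://trusted.example/"></a>
</form>
<form action="http://shop.example/search">
  <a href="http://shop.example/help"><input type="image" src="go.png" title="Search"></a>
</form>
<a href="http://trusted.example/"><img src="logo.png" title="Home"></a>
"""

class SpoofedImageLinkFinder(HTMLParser):
    """Flags <input type=image title=...> nested in both a <form> and an <a>
    when the form's action host differs from the link's href host (assumption:
    the status bar displays the href, the click goes to the form action)."""

    def __init__(self):
        super().__init__()
        self.form_action = None   # action of the enclosing <form>, if any
        self.link_href = None     # href of the enclosing <a>, if any
        self.findings = []        # (line, displayed host, actual host)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_action = a.get("action") or ""
        elif tag == "a":
            self.link_href = a.get("href")
        elif tag == "input" and (a.get("type") or "").lower() == "image":
            if self.form_action is None or self.link_href is None or "title" not in a:
                return
            shown = urlsplit(self.link_href).hostname
            actual = urlsplit(self.form_action).hostname
            if actual and actual != shown:   # relative actions cannot be resolved here
                self.findings.append((self.getpos()[0], shown, actual))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None
        elif tag == "a":
            self.link_href = None

def find_spoofed_image_links(html):
    finder = SpoofedImageLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

On the constructed sample, only the first form is reported; the same-host form and the plain image link are not.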

Secure OS X reports:

"It appears Safari suffers from the same weakness as Opera and IE 6. After entering the alert on Opera I tested Safari and confirmed that it shows the same weakness.

"I tested and confirmed this on Safari Version 2.0.2 (416.12) on OS X 10.4.3.

"This is accomplished by creating a form with an image type input field. Example:

Feedback? Late-breakers@macfixit.com.
