Yet another URL flaw for Safari 3.0 for Windows beta

Researcher shows how URLs can be spoofed and content-arbitrary within Safari 3.0 beta.

Security researcher Robert Swiecki, who two days ago disclosed a URL vulnerability within the new Safari 3.0 for Windows beta, has another. The new flaw requires a user to visit a specially crafted Web page. There, an attacker can write whatever name in the URL toolbar and fill the client browser window with arbitrary content. He provides an example (link should be viewed within Safari).

In response to other Safari 3.0 vulnerabilities, Apple yesterday released an updated version that addresses three of the public vulnerabilities. Swiecki says he tested this latest vulnerability on Safari 3.0.1 (522.12.12) running Windows 2003 SE SP2.

Featured Video

We pummel the powder in Nissan's Winter Warrior concepts

Equipped with suspension lifts and actual tracks, these concepts are meant to reach places that no ordinary vehicle can.

by Jon Wong