Safari Address Bar URL Spoofing Security Issue - Security


Editor Login \| Register		Ekle

> World > Security

Safari Address Bar URL Spoofing Security Issue - Security - World -

CWRedLight

(Date : 24.04.2008 18:58:21)

Safari Address Bar URL Spoofing Security Issue

Secunia Advisory:	SA29900
Release Date:	2008-04-24

Critical:	Less critical
Impact:	Spoofing
Where:	From remote
Solution Status:	Unpatched

Software:	Safari 3.x Safari for Windows 3.x

Description:
Juan Pablo Lopez Yacubian has discovered a security issue in Safari, which can be exploited by malicious people to display a fake URL in the address bar.

The problem is that it is possible to hide the actual location of a page in the address bar via a specially crafted URL containing a number of certain special characters in the "user" field before the "@" character.

The security issue is confirmed in version 3.1.1 on Mac OS X and Vista. Other versions may also be affected.

Solution:
Do not browse untrusted websites or follow untrusted links.

Provided and/or discovered by:
Juan Pablo Lopez Yacubian

Original Advisory:
http://es.geocities.com/jplopezy/pruebasafari3.html

Derecelendir

Kaynak

http://secunia.com/advisories/29900/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS