Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17258
HistoryJun 13, 2007 - 12:00 a.m.

[Full-disclosure] Apple Safari: cookie stealing

2007-06-1300:00:00
vulners.com
25

There is a vulnerability in Apple Safari, that allows an attacker to
steal a cookie belonging to the arbitrary domain or/and fill the browser
window with an arbitrary content, whereas the url bar and the browser's
window title is derived from the selected domain.

The flaw exists in the javascript's window.setTimeout() implementation.
The content of the timer-triggered function is processed after
window.location property is changed.

Tested with Apple Safari 3.0 (522.11.3) on MS Windows 2003 SE SP2

http://alt.swiecki.net/safc.html


Robert Swiecki
http://www.swiecki.net


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/