Safari Archive JavaScript Same Origin Policy Violation Vulnerability
BID:17082
Info
| Bugtraq ID: | 17082 |
| Class: | Access Validation Error |
| CVE: | CVE-2006-0400 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 13 2006 12:00AM |
| Updated: | Mar 14 2006 09:05PM |
| Credit: | The vendor disclosed this vulnerability. |
| Vulnerable: | Apple Mac OS X Server 10.4.5, Apple Mac OS X Server 10.4.4, Apple Mac OS X Server 10.4.3, Apple Mac OS X Server 10.4.2, Apple Mac OS X Server 10.4.1, Apple Mac OS X Server 10.4, Apple Mac OS X 10.4.5, Apple Mac OS X 10.4.4, Apple Mac OS X 10.4.3, Apple Mac OS X 10.4.2, Apple Mac OS X 10.4.1, Apple Mac OS X 10.4 |
| Not Vulnerable: | |
Discussion
Apple Safari is susceptible to a same-origin policy violation. This issue is due to the application's failure to properly enforce same-origin policy for JavaScript remote data access.
An attacker may create a malicious webpage that can access the properties of another domain. This may lead to disclosure of sensitive information or may facilitate other attacks against a user of the browser.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released an advisory along with fixes to address this issue.
Apple Mac OS X Server 10.4.5
- Apple SecUpd2006-002Intel.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=09965&cat=1&platform=osx&method=sa/SecUpd2006-002Intel.dmg
- Apple SecUpd2006-002Ti.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=09964&cat=1&platform=osx&method=sa/SecUpd2006-002Ti.dmg
Apple Mac OS X 10.4.5
References
References:
- Safari Homepage (Apple)
- Security Update 2006-002 (Apple)