Apple Safari Cross-Domain Browser Location Information Disclosure Vulnerability
BID:24121
Info
Apple Safari Cross-Domain Browser Location Information Disclosure Vulnerability
| Bugtraq ID: | 24121 |
| Class: | Origin Validation Error |
| CVE: |
CVE-2007-2843 |
| Remote: | Yes |
| Local: | No |
| Published: | May 23 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Gareth Heyes disclosed this vulnerability. |
| Vulnerable: |
Apple Safari 2.0.4 |
| Not Vulnerable: | |
Discussion
Apple Safari Cross-Domain Browser Location Information Disclosure Vulnerability
Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions.
Exploiting this issue may allow attackers to access locations that a user visits, even if it's in a different domain than the attacker's site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks.
This issue affects Safari 2.0.4; other versions may also be affected.
Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions.
Exploiting this issue may allow attackers to access locations that a user visits, even if it's in a different domain than the attacker's site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks.
This issue affects Safari 2.0.4; other versions may also be affected.
Exploit / POC
Apple Safari Cross-Domain Browser Location Information Disclosure Vulnerability
Attackers use standard HTML design utilities and webserver applications to exploit this issue.
A proof-of-concept example by Gareth Heyes is available at the following location where a browser can be tested for this weakness.
Proof of Concept: http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html
The JavaScript code for this example is available:
Attackers use standard HTML design utilities and webserver applications to exploit this issue.
A proof-of-concept example by Gareth Heyes is available at the following location where a browser can be tested for this weakness.
Proof of Concept: http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html
The JavaScript code for this example is available:
Solution / Fix
Apple Safari Cross-Domain Browser Location Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Apple Safari Cross-Domain Browser Location Information Disclosure Vulnerability
References:
References:
- Safari Homepage (Apple)
- Safari needs fixing! (Gareth Heyes)