Apple Safari Beta Same Origin Policy Violation Vulnerability
BID:25355
Info
| Bugtraq ID: | 25355 |
| Class: | Access Validation Error |
| CVE: | CVE-2007-4431 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 17 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Gareth Heyes discovered this issue. |
| Vulnerable: | Apple Safari 3.0.3 Beta for Windows, Apple Safari 3.0.3 Beta, Apple Safari 3.0.2 Beta for Windows, Apple Safari 3.0.2 Beta, Apple Safari 3.0.1 Beta for Windows, Apple Safari 3.0.1 Beta, Apple Safari 3 Beta for Windows, Apple Safari 3 Beta |
| Not Vulnerable: | |
Discussion
Apple Safari is susceptible to a vulnerability that allows an attacker to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for JavaScript remote data access.
An attacker may create a malicious webpage that can access the properties of another domain. This may allow the attacker to obtain sensitive information or launch other attacks against a user of the browser.
Safari 3 beta is vulnerable to this issue.
Exploit / POC
A proof-of-concept website is available to demonstrate this issue:
http://www.businessinfo.co.uk/labs/SafariBetaZeroDay/safaribetazeroday.html
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
- Safari beta zero day (Gareth Heyes)
- Safari Cross Domain Access. (Ronald Heathland)
- Safari Homepage (Apple)