Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability
BID:52323
Info
| Bugtraq ID: | 52323 |
| Class: | Design Error |
| CVE: | CVE-2011-3844 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | Krystian Kloskowski (h07) |
| Vulnerable: | Apple Safari 5.0.5 for Windows; Apple Safari 5.0.5 |
| Not Vulnerable: | |
Discussion
Apple Safari is prone to an address bar spoofing vulnerability.
Attackers may exploit this issue to craft a misleading URI. This may aid in phishing attacks.
Apple Safari 5.0.5 is affected; other versions may also be vulnerable.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI.
Solution / Fix
Solution:
Reportedly, Safari 5.1.2 fixes the issue; however, Symantec has not confirmed it. Please contact the vendor for more information.