Date: Wed, 13 Jun 2007 10:37:33 -0400
From: "Joey Mengele" <joey.mengele@...hmail.com>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk>,
	<jagger@...ecki.net>
Subject: Re: Apple Safari: cookie stealing

curl 7.15.1 compiled from source on RHEL 4 is not affected. Can 
anyone else confirm?

J

On Wed, 13 Jun 2007 06:34:42 -0400 Robert Swiecki 
<jagger@...ecki.net> wrote:
>There is a vulnerability in Apple Safari that allows an attacker to
>steal a cookie belonging to an arbitrary domain and/or fill the
>browser window with arbitrary content, whereas the URL bar and the
>browser's window title are derived from the selected domain.
>
>The flaw exists in JavaScript's window.setTimeout() implementation.
>The content of the timer-triggered function is processed after the
>window.location property is changed.
>
>Tested with Apple Safari 3.0 (522.11.3) on MS Windows 2003 SE SP2
>
>http://alt.swiecki.net/safc.html
>
>-- 
>Robert Swiecki
>http://www.swiecki.net
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

--

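The mechanism the quoted advisory describes, as an added illustration that is not code from the advisory, from the list, or from Apple/WebKit: a toy model of one browser tab in which each navigation installs a new document with its own origin and cookie. Under the "keep" policy a timer callback scheduled by the old document runs against whatever document is current after navigation, which is the behaviour the advisory reports; under the "bind" policy every pending timer is tied to the document that scheduled it and discarded when that document is navigated away. Origins, cookie values, the `Tab`/`Document` classes and the policy names are constructed for this example.

```javascript
// Added example (not from the advisory, the list, or Apple/WebKit).
// A minimal model of a browser tab: one current document, one timer queue.

class Document {
  constructor(origin, cookie) {
    this.origin = origin;   // constructed origin, e.g. "http://a.example"
    this.cookie = cookie;   // constructed cookie value owned by this origin
  }
}

class Tab {
  // policy "keep": run every pending timer against the current document,
  //   regardless of which document scheduled it (the reported behaviour).
  // policy "bind": a timer belongs to the document that scheduled it and is
  //   dropped as soon as that document is navigated away (expected behaviour).
  constructor(document, policy) {
    this.document = document;
    this.policy = policy;
    this.pending = [];
  }

  setTimeout(callback) {
    // Record which document was current when the timer was scheduled.
    this.pending.push({ callback, owner: this.document });
  }

  navigate(newDocument) {
    this.document = newDocument;
    if (this.policy === "bind") {
      // Hardened: navigating away cancels every timer the old document set.
      this.pending = this.pending.filter((t) => t.owner === newDocument);
    }
  }

  runTimers() {
    const due = this.pending;
    this.pending = [];
    for (const t of due) {
      // Second line of defence for the "bind" policy: never run a callback
      // whose owning document is no longer the current one.
      if (this.policy === "bind" && t.owner !== this.document) continue;
      t.callback(this.document);
    }
  }
}

// Scenario from the advisory: a script in site A schedules a timer, changes
// the location to site B, and the timer fires after the navigation.
// Returns the list of "origin -> cookie" strings the callback observed.
function simulate(policy) {
  const siteA = new Document("http://a.example", "session=A-secret");
  const siteB = new Document("http://b.example", "session=B-secret");
  const tab = new Tab(siteA, policy);
  const observed = [];
  tab.setTimeout((doc) => observed.push(`${doc.origin} -> ${doc.cookie}`));
  tab.navigate(siteB);
  tab.runTimers();
  return observed;
}

console.log("keep:", simulate("keep")); // callback sees site B's document
console.log("bind:", simulate("bind")); // callback never runs
```

The point of the model is the ownership record on each timer: the fix is not to clear cookies but to ensure a callback can only ever run against the document that created it, either by cancelling the queue on navigation or by refusing to dispatch a callback whose owner is no longer current.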
