lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2BB5E177-2B48-11D9-A9F4-000A95A012EE@neoresearch.org>
Date: Mon, 1 Nov 2004 01:21:35 +1100
From: Gilbert Verdian <gverdian@...research.org>
To: bugtraq@...urityfocus.com
Subject: Safari vulnerable to URL spoofing


Following the discovery by Benjamin Tobias Franz for spoofing URLs in 
IE by using tables within links.

http://www.packetstormsecurity.nl/0410-advisories/msieLink.txt

It is possible to spoof URLs under OS X in the latest Safari browser 
1.2.3 (v125.9) by using the same method.
Ironically, this does not work with Internet Explorer on OS X version 
5.2.3 (5815.1).

Tested on OS X 10.3.5 (build 7M34) with latest software update.

Further details and example at 
http://www.neoresearch.org/[neo]safari_url_spoof.html

regards,

Gilbert Verdian
neoresearch.org

Powered by blists - more mailing lists