By Ryan Naraine, 25 June 2007 08:52
Apple has refreshed its new Safari for Windows browser to patch a pair of vulnerabilities that could cause spoofing and HTTP redirection attacks.
This is the second batch of updates shipped for the beta browser since Apple's heavily hyped release of its flagship browser to the Windows ecosystem.
Both vulnerabilities affect Windows XP and Windows Vista users, while one patch is available for Safari on Mac OS X.
Details on the latest patches:
CVE-2007-2398 - In Safari Beta 3.0.1 for Windows, a timing issue allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered.
CVE-2007-2400 - Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This issue affects Mac OS X users.
Ryan Naraine writes for ZDNet.com
