Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Safari | Apple | 2.0.4 (including) | 2.0.4 (including) |
References
- http://osvdb.org/38859
- http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html
- http://www.securityfocus.com/bid/24121
- http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/
- http://osvdb.org/38859
- http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html
- http://www.securityfocus.com/bid/24121
- http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/