WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bars URL or add URLs to the history via a cross-origin attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Safari | Apple | * | 5.0.2 (including) |
Safari | Apple | 5.0 (including) | 5.0 (including) |
Safari | Apple | 5.0.1 (including) | 5.0.1 (including) |
Webkit | Apple | * | * |