There is a vulnerability in the way Safari handles form data that may expose sensitive information when the forward/backward buttons are used.
Apple Safari is a web browser available for the Mac OS X operating system. A vulnerability exists in the way Safari handles web form data. When a web form is submitted to a server using the POST method and the server returns an HTTP redirect to a GET method URL, Safari may re-POST that data to the GET method URL. It has been reported that this condition occurs when the forward/backward buttons are used. No further information was provided on this vulnerability.
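The following detection sketch is an added example, not part of the original advisory or Apple's fix: it scans logged HTTP transactions for a POST body arriving at a URL the same client was earlier redirected to after a POST. The record layout, the sample data and the assumption that redirect targets are GET-only pages are all constructed for illustration.

```python
from collections import namedtuple

# One logged HTTP transaction. The field names are assumptions for this example.
Txn = namedtuple("Txn", "client method url status location body_len")

# Redirects after which a browser is expected to fetch the target with GET.
# 307 is left out because it preserves the POST method by design.
METHOD_CHANGING = {301, 302, 303}


def find_reposts(txns):
    """Return POSTs with a body sent to a URL that the same client was
    earlier redirected to in response to a POST."""
    targets = {}  # client -> redirect targets issued in reply to a POST
    hits = []
    for t in txns:
        is_post = t.method == "POST"
        if is_post and t.body_len > 0 and t.url in targets.get(t.client, ()):
            hits.append(t)
        # Ignore self-redirects (a form that redirects back to itself).
        if (is_post and t.status in METHOD_CHANGING
                and t.location and t.location != t.url):
            targets.setdefault(t.client, set()).add(t.location)
    return hits


# Constructed sample records (192.0.2.0/24 is a documentation range).
SAMPLE = [
    Txn("192.0.2.5", "POST", "/login", 302, "/welcome", 48),
    Txn("192.0.2.5", "GET", "/welcome", 200, None, 0),    # expected follow-up
    Txn("192.0.2.5", "GET", "/account", 200, None, 0),
    Txn("192.0.2.5", "POST", "/welcome", 200, None, 48),  # form data re-sent
    Txn("192.0.2.9", "POST", "/upload", 307, "/upload2", 512),
    Txn("192.0.2.9", "POST", "/upload2", 200, None, 512),  # 307: POST is correct
]

if __name__ == "__main__":
    for hit in find_reposts(SAMPLE):
        print("form data re-POSTed to redirect target:", hit)
```

When the redirect target is on a different server, only a vantage point that sees both requests, such as a forwarding proxy, can make this correlation.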
A user's form data could be disclosed to a remote server.
Apple has released a patch to address this vulnerability. For further details, please see the Apple Security Advisory (Security Updates for Mac OS X 10.3.5).
Vendor| Status| Date Notified| Date Updated
Apple Computer Inc.| | -| 16 Aug 2004
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
This vulnerability was reported by Apple. In turn, Apple credits Rick Osterberg of Harvard University for reporting this issue.
This document was written by Damon Morda.