Apple Safari Web Browser 1.x - HTML Form Status Bar Misrepresentation
2004-12-15T00:00:00
ID: EXPLOITPACK:BB1C3866773BABDF50E097526AF51ED1
Type: exploitpack
Reporter: Guillaume
Modified: 2004-12-15T00:00:00
Description
source: https://www.securityfocus.com/bid/11949/info
A vulnerability has been identified in Apple Safari Web Browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be misled into following a link to a malicious site.
The issue presents itself when an attacker creates an HTML form with the submit 'value' property set to a legitimate site and the 'action' property set to the attacker-specified site. The malicious form could also be embedded in a link using the HTML Anchor tag and specifying the legitimate site as the 'href' property. As a result, the attacker-supplied link would point to the legitimate site and the status bar would display the address of the legitimate site as well.
<form action="http://www.malicious.com/" method="get">
<a href="http://www.example.com/"><input type="image" src="http://images.example.com/title.gif"></a>
</form>
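The check below is an added example, not part of the original advisory: a Python scanner that a mail or web content filter could run over HTML to flag the pattern described above, a submit control wrapped in an anchor whose 'href' host differs from the host of the enclosing form's 'action'. The class name, function name and the benign sample are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SUBMIT_TYPES = {"submit", "image"}  # input types that submit the enclosing form


class FormLinkMismatchFinder(HTMLParser):
    """Collects (displayed href, real form action) pairs whose hosts differ."""

    def __init__(self):
        super().__init__()
        self.form_actions = []  # stack of enclosing <form action> values
        self.anchor_hrefs = []  # stack of enclosing <a href> values
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "a":
            self.anchor_hrefs.append(a.get("href") or "")
        elif tag in ("input", "button"):
            # <button> defaults to submit, <input> defaults to text.
            default = "submit" if tag == "button" else "text"
            ctype = (a.get("type") or default).lower()
            if ctype in SUBMIT_TYPES and self.form_actions and self.anchor_hrefs:
                self._compare(self.anchor_hrefs[-1], self.form_actions[-1])

    def handle_endtag(self, tag):
        if tag == "form" and self.form_actions:
            self.form_actions.pop()
        elif tag == "a" and self.anchor_hrefs:
            self.anchor_hrefs.pop()

    def _compare(self, href, action):
        href_host, action_host = urlsplit(href).hostname, urlsplit(action).hostname
        # A relative action has no host and stays on the page's origin, so it is skipped.
        if href_host and action_host and href_host != action_host:
            self.findings.append((href, action))


def find_mismatches(html):
    finder = FormLinkMismatchFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# The markup from the advisory, and a constructed same-host form for contrast.
ADVISORY_SAMPLE = ('<form action="http://www.malicious.com/" method="get">'
                   '<a href="http://www.example.com/"><input type="image" '
                   'src="http://images.example.com/title.gif"></a></form>')
BENIGN_SAMPLE = ('<form action="http://www.example.com/search">'
                 '<a href="http://www.example.com/"><input type="image" src="go.gif"></a></form>')
```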