Apple Safari Spoof Pop-Up Windows

2004-12-02T00:00:00
ID OSVDB:12206
Type osvdb
Reporter Jakob Balle(jb@secunia.com)
Modified 2004-12-02T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to spoof dialog boxes from inactive browser windows. The issue is triggered a user is sent a malicious URL, which then launches a window which appears to be initiated by the web site in the active window. It is possible that the flaw may allow users to be tricked into revealing sensitive information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious user to spoof dialog boxes from inactive browser windows. The issue is triggered a user is sent a malicious URL, which then launches a window which appears to be initiated by the web site in the active window. It is possible that the flaw may allow users to be tricked into revealing sensitive information resulting in a loss of confidentiality.

References:

Vendor Specific Advisory URL Secunia Advisory ID:13362 Secunia Advisory ID:12892 CVE-2004-1122