Apple Safari Spoofed Window Injection

2004-12-10T00:00:00
ID OSVDB:13183
Type osvdb
Reporter Secunia Security Advisories(sec-adv@secunia.com)
Modified 2004-12-10T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to inject malicious content into a Safari browser session. The issue is triggered when a malicious website uses a known window name to inject content into that window, spoofing the content of that window. It is possible that the flaw may allow a user to be mislead about the content of a browser window resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious user to inject malicious content into a Safari browser session. The issue is triggered when a malicious website uses a known window name to inject content into that window, spoofing the content of that window. It is possible that the flaw may allow a user to be mislead about the content of a browser window resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Secunia Advisory ID:13252 Secunia Advisory ID:14005 CVE-2004-1314