Apple Safari Remote Web Archive Processing XSS

2005-09-20T10:37:54
ID OSVDB:19709
Type osvdb
Reporter OSVDB
Modified 2005-09-20T10:37:54

Description

Vulnerability Description

Mac OS X contains an unspecified flaw that allows a remote cross-site scripting attack. The flaw exists because Safari allows remote web archives to be viewed, and such an archive may be rendered as content from a site that did not serve it. An attacker could create a specially crafted archive that executes arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2005-008) to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1014964
Secunia Advisory ID: 16920
Related OSVDB ID: 19703
Related OSVDB ID: 19707
Related OSVDB ID: 19704
Related OSVDB ID: 19705
Related OSVDB ID: 19706
Related OSVDB ID: 19708
Related OSVDB ID: 19710
Related OSVDB ID: 19711
Keyword: Apple Security Update 2005-008
CVE-2005-2524
Bugtraq ID: 14914