6 matches found
safari10跨域漏洞
safari 10的XMLHttpRequest在null域下可以随意发起跨域请求和设置httpheader 我交到苹果的bugreport,并给apple发邮件后,他们自己悄悄把漏洞修了,连个邮件都没给我发,所以我决定公开poc 这是我在漏洞未修复前截的图: 这个漏洞可以造成同源策略绕过,随便跨域,这是我写的获取gmail数据的代码: html var serveraddress = 'http://127.0.0.1:8000/static/csrfWcn6h/' function deleteSelf let test = document.getElementById'test'...
Apple Safari uxss(CVE-2017-7089)
CVE-2017-7089 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. Safari 10 Local SOP bypass html function Pewvar...
Safari 10 Local SOP bypass Vulnerability
Exploit for macOS platform in category local exploits Safari 10 Local SOP bypass Vulnerability CVE-2017-7089 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed...
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
document auto& htmlDocument = downcastdocument; auto atomicPropertyName = propertyName.publicName; if atomicPropertyName && htmlDocument.hasWindowNamedItematomicPropertyName JSValue namedItem; if UNLIKELYhtmlDocument.windowNamedItemContainsMultipleElementsatomicPropertyName Ref collection =...
About the security content of Safari 10 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
About the security content of Safari 10
About the security content of Safari 10 This document describes the security content of Safari 10. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...