Apple Safari Window.setTimeout变量内容欺骗漏洞

BUGTRAQ ID: 28405 Safari是苹果家族操作系统默认所捆绑的WEB浏览器。 Safari的Window.setTimeout变量没有正确地切换页面之间的导航，攻击者可能强制浏览器打开一个站点的窗口，而用其他函数覆盖页面的内容，这样就可以欺骗地址栏，执行网络钓鱼攻击。 Apple Safari 3.1 Apple ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.apple.com html Safari browser 3.1 525.13 spoofing by Juan Pablo...

Apple Safari 3.1 - Window.setTimeout Variant Content Spoofing

source: https://www.securityfocus.com/bid/28405/info Apple Safari is prone to a content-spoofing vulnerability that allows attackers to populate a vulnerable Safari browser window with arbitrary malicious content. During such an attack, the URL and window title will display the intended site, whi...

[Full-disclosure] Apple Safari: cookie stealing

There is a vulnerability in Apple Safari, that allows an attacker to steal a cookie belonging to the arbitrary domain or/and fill the browser window with an arbitrary content, whereas the url bar and the browser's window title is derived from the selected domain. The flaw exists in the javascript...

Apple Safari crossite scripting

window.setTimeout works in context of changed window.location...