APPLE-SA-2007-06-22 Safari 3 Beta Update 3.0.2

Safari
CVE-ID: CVE-2007-2398
Available for: Windows XP or Vista
Impact: A maliciously crafted website may control the contents of the address bar
Description: In Safari Beta 3.0.1 for Windows, a timing issue allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.

WebCore
CVE-ID: CVE-2007-2401
Available for: Mac OS X v10.4.9 or later, Windows XP or Vista
Impact: Visiting a malicious website may allow cross-site requests
Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd for reporting this issue.

WebKit
CVE-ID: CVE-2007-2399
Available for: Mac OS X v10.4.9 or later, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

Note: This update will appear for systems running Safari 3 Beta. It includes the entire contents of Security Update 2007-006. Security Update 2007-006 itself will not appear via Software Update for systems that have installed Safari 3 Beta.
Safari 3 Beta Update 3.0.2 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/

For Mac OS X
The download file is named: "Safari302Beta.dmg"
Its SHA-1 digest is: b8ee8d7c1ac3237de2ab0524077a20bae7f55001

Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: 3cbbf5a09ece4cac7f35b79f67b6990d5c0565f3

Safari+QuickTime for Windows XP or Vista
The download file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 7f0ea984bbdcbba4a3a85d785f2fdb810ed3954a

This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/
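
The WebCore entry above (CVE-2007-2401) describes injection while serializing XMLHttpRequest headers, fixed by additional validation of header parameters. The JavaScript below is an added illustration of that kind of validation, not part of Apple's advisory and not WebKit code; the advisory does not say which characters were accepted, so CR/LF injection is assumed, and every function name and the sample input are constructed for this example.

```javascript
// Added illustration; not WebKit code. The advisory does not say which
// characters were accepted, so CR/LF injection is an assumption here.

// RFC 7230 "token": the characters allowed in a header field name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// CR, LF or NUL inside a value would end the header line early.
const BAD_VALUE = /[\r\n\0]/;

// Returns null when the pair is safe to serialize, otherwise a reason string.
function headerProblem(name, value) {
  if (typeof name !== "string" || !TOKEN.test(name)) return "invalid header name";
  if (typeof value !== "string" || BAD_VALUE.test(value)) return "control character in header value";
  return null;
}

// Serializer with no validation: caller-supplied text goes straight onto the wire.
function serializeUnchecked(method, path, headers) {
  const lines = [`${method} ${path} HTTP/1.1`];
  for (const [name, value] of headers) lines.push(`${name}: ${value}`);
  return lines.join("\r\n") + "\r\n\r\n";
}

// Serializer that validates every pair first and refuses the whole request.
function serializeChecked(method, path, headers) {
  for (const [name, value] of headers) {
    const problem = headerProblem(name, value);
    if (problem) throw new TypeError(`${problem}: ${JSON.stringify(name)}`);
  }
  return serializeUnchecked(method, path, headers);
}

// Number of header lines a receiving server would parse from the request head.
function headerLineCount(raw) {
  const head = raw.slice(0, raw.indexOf("\r\n\r\n"));
  return head.split("\r\n").length - 1; // minus the request line
}

// Constructed sample: one header supplied, with a CRLF embedded in its value.
const sample = [["X-Note", "a\r\nX-Extra: b"]];
```

With the constructed sample, the unchecked serializer emits two header lines for one supplied header, while the checked serializer rejects the request before anything is written.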