Re: [Fed-Talk] Apple Safari window object invalid pointer vulnerability
Re: [Fed-Talk] Apple Safari window object invalid pointer vulnerability
- Subject: Re: [Fed-Talk] Apple Safari window object invalid pointer vulnerability
- From: Joel Esler <email@hidden>
- Date: Thu, 13 May 2010 11:30:42 -0400
I've been told by our research team that Safari on Win32 is vuln.
The Vulnerability Research Team here at Sourcefire (Snort) put out a rule for it two days ago. sid: 16596.
J
On Thu, May 13, 2010 at 11:26 AM, David Mueller
<email@hidden> wrote:
This was reported three days ago and still people are only confirming that
it Safari for Windows is vulnerable. The US-CERT report and various tech
media sources (which all seem to be basing their reports on the US-CERT
report) only say other versions (i.e., Mac) may be affected.
When there are issues like this, it would be nice if Firefox and Entourage
played together nicely when a CAC was involved...
- David
On 5/13/10 8:07 AM, "Kim, Andy (Gregg)" <
email@hidden> wrote:
>
> Apple Safari contains a vulnerability in the handling of window objects, which
> may allow a remote, unauthenticated attacker to execute arbitrary code on a
> vulnerable system per US-CERT.
>
>
http://www.kb.cert.org/vuls/id/943165
>
> Disable _javascript_ can be mitigated subject issue, but no updates patch from
> Apple...
>
> Regards,
>
> Andy Kim
> Dir of I T
> U.S. Senator Judd Gregg
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden