site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2007-12-17 Safari 3 Beta Update 3.0.4 Security Update Safari 3 Beta Update 3.0.4 Security Update is now available and addresses the following issue: Safari CVE-ID: CVE-2007-5858 Available for: Windows XP or Vista Impact: Visiting a malicious website may result in the disclosure of sensitive information Description: WebKit allows a page to navigate the subframes of any other page. Visiting a maliciously crafted web page could trigger a cross-site scripting attack, which may lead to the disclosure of sensitive information. This update addresses the issue by implementing a stricter frame navigation policy. This issue is addressed for Mac OS X in Security Update 2007-009. Safari 3 Beta 3.0.4 Security Update is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/ Safari for Windows XP or Vista The download file is named: "Safari304BetaSecUpdateSetup.exe" Its SHA-1 digest is: 4ee67ff207a7cf9fc6a8a08f30d41967b4b2460c Safari+QuickTime for Windows XP or Vista The file is named: "Safari304BetaSecUpdateQuickTimeSetup.exe" Its SHA-1 digest is: 5c293083c0e8e573ed7e200fb0172e1e60bb343e To verify that your version of Safari has been updated: * In Safari, click on "About Safari" under the Safari menu * The version will be "Version 3.0.4 (523.13)" or later This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: 9.7.0.867 wsBVAwUBR2bhQMgAoqu4Rp5tAQgzlwgAmUt4Heysty/k50J72MD6Cf3Jra2/I9Ic 7RfSvnXyn99NwIJcoKRSBHa3huOUdBSXRdq0JgZkMBgs7TsOvM6PbgjjeG94Yi37 5jRn/YqfGjlOfo4omXuZRQMUj0jopHNL1qc3/98RJ9y11bKUMlXhJL/2p5LFcKF1 DMm8/ZXzMVTwUBS1uDpmcKPubngiKFILZTZhefYWiUanBQoOtaAqUGFuXfUG1u3T df5JLgam1cGV5mfiZyMYlfQnHC4XTy1Vh0jcREIqsFaZlIQ5pKDTGVOOJM5mRd0b V9011ljyYcUPUuhqQoooWbTotdwnymht4drRaR8eMhMQ/eUI+il+Ww== =ZWtQ -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com