Info

Disclosure

Dec 10, 2004

Discovery

Dec 10, 2004

Dates

Exploit

Dec 10, 2004

Solution

Unknown

Description

Mac OS X contains a flaw that may allow a malicious user to inject malicious content into a Safari browser session. The issue is triggered when a malicious website uses a known window name to inject content into that window, spoofing the content of that window. It is possible that the flaw may allow a user to be mislead about the content of a browser window resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Inc.	Mac OS X	10.2.x
		10.3
		10.3.1
		10.3.2
		10.3.3
		10.3.4
		10.3.5
		10.3.6
		10.3.7

References

Related OSVDB ID: 12313
Secunia Advisory ID: 13252 14005
CVE ID: 2004-1314 (see also: NVD)
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=300770
Other Advisory URL: http://secunia.com/secunia_research/2004-13/advisory/

Credit

Secunia Security Advisories - sec-advsecunia.com - Secunia

Direct URL: http://osvdb.org/13183

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Inc.

Mac OS X

References

Credit