Tested on OS X; Safari 2.0.4, OmniWeb 5.5.4, and Camino 1.0.3 all have different behaviours, but none is vulnerable. Cheers Mark On 6/14/07, Robert Swiecki wrote:
> There is a vulnerability in Apple Safari... Here's another one. With a specially crafted web page, an attacker can fill the client browser window with an arbitrary content, whereas window title and the content of the urlbar are freely settable. Tested with shiny, new, patched Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2. http://alt.swiecki.net/saff.html -- Robert Swiecki http://www.swiecki.net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
