Safari Window Injection Vulnerability
Paul Anderson
paul.anderson at hp.com
Thu Dec 9 08:55:42 PST 2004
Dan,
I just tried the test and OmniWeb passed in that the CitiBank page was
unchanged.
Paul
Paul Anderson
OpenVMS Engineering
Hewlett-Packard Company
> From: Dan Carlson <minutiaeman at st-minutiae.com>
> Date: Thu, 9 Dec 2004 11:22:31 -0500
> To: OmniWeb Mailing List <omniweb-l at omnigroup.com>
> Subject: Safari Window Injection Vulnerability
>
> <http://secunia.com/advisories/13252/>
>
> I just read about this vulnerability on MacInTouch this morning, and
> thought that it would be worthwhile to bring it up here on the OW list.
> Am I correct in assuming that since OW uses WebCore, that OW is also
> susceptible to this vulnerability?
>
> As I understand it, the main issue in this vulnerability is the
> potential for a second website to replace the content in a first
> website's popup window. There's no actual security risk here
> (directly), aside from the replaced content, right? (And besides, I
> have popups turned off almost completely anyway...)
>
> Dan Carlson
>
> _______________________________________________
> OmniWeb-l mailing list
> OmniWeb-l at omnigroup.com
> http://www.omnigroup.com/mailman/listinfo/omniweb-l
More information about the OmniWeb-l
mailing list