Apple Safari for OS X URI spoofing

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1041146 漏洞类型
发布时间 2015-10-05 更新时间 2015-10-05
CVE编号 CVE-2015-5764
CVE-2015-5764
CVE-2015-5764
CVE-2015-5764
CVE-2015-5764
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2015100032
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Apple Safari for OS X was prone to URI spoofing vulnerability  (and more general a user interface spoofing). 
Apple released security updates for Safari 9<https://support.apple.com/kb/HT205265> on OS X and assigned CVE-2015-5764. 
Accidentally this vulnerability was also present in iOS.

Instant demo
In Safari up to 8.0.8 :

  *   go to https://asanso.github.io/CVE-2015-5764/file0.html
  *   click "click me!"
  *   notice the address bar being "data:text/html,%3CH1%3EHi!!%3C/H1%3E"
  *   go back using the browser button
  *   click "click me!"
  *   notice the address bar being http://www.intothesymmetry.com/CVE-2015-5764/file0.php !!!!

You can find the details in http://intothesymmetry.blogspot.it/2015/09/apple-safari-uri-spoofing-cve-2015-5764.html

regards

antonio