Safari DHTML "setAttributeNode" method DoS vulnera
You are here:  SillyDog701 > Message Centre > Mac OS and Apple > [sdt=11663]
SillyDog701 Forums
Author Message
J-M
diamond member


Joined: 25 Jul 2004
Posts: 777
Location: Helsinki, Finland
05 Jul, 2006 3:45 pm Safari DHTML "setAttributeNode" method DoS vulnera [sdp=74963]  
Information about new advisory has been relased at
http://www.frsirt.com/english/advisories/2006/2671

From the advisory:

Quote:
A vulnerability has been identified in Apple Safari, which could be exploited by attackers to cause a denial of service. This flaw is due to a NULL pointer dereference error when handling a specially crafted DHTML "setAttributeNode()" method, which could be exploited by attackers to crash a vulnerable browser by tricking a user into visiting a malicious web page.


Advisory states version 2.0.4 (419.3) and earlier as affected.
Antony and others, is this the newest available (probably yes).

J-M: edited to fix two typos.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Last edited by J-M on 05 Jul, 2006 5:39 pm; edited 3 times in total
Back to top profile website
J-M
diamond member


Joined: 25 Jul 2004
Posts: 777
Location: Helsinki, Finland
05 Jul, 2006 5:42 pm [sdp=74970]  
Okay, the original name of the security issue is Apple Safari DHTML "setAttributeNode" Method Remote Denial of Service Vulnerability.
Word 'vulnera' was used due to limitations of Subject field Smile

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Last edited by J-M on 05 Jul, 2006 5:43 pm; edited once(1)
Back to top profile website
Antony
Site Admin


Joined: 18 Jun 2002
Posts: 12754
Location: Sydney, Australia
05 Jul, 2006 9:44 pm [sdp=74979]  
thanks for reporting. I hope Apple will release an update shortly.

UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3
MozInfo701 | MacCentre701 | AntBlog701 | don't steal music.
Back to top profile website
J-M
diamond member


Joined: 25 Jul 2004
Posts: 777
Location: Helsinki, Finland
29 Jul, 2006 3:30 am [sdp=75671]  
Probably they don't release a separate Safari update before the next security update packages, however.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Back to top profile website
Display posts from previous:   
Reply to topic    Forum Index > Mac OS and Apple All times are CST (GMT -6)
page 1 of 1
To add your questions, comments, and for more features and more, please join SillyDog701 Message Centre. It's free! This is SillyDog 701 Message Centre (SD701 Forums).

iTunes Gift Certificates iTunes

*Search | FAQ | Rules and Policies | MozInfo701 - Mozilla Information Centre | SD701 Open Directory | Message Board Map | download Netscape