Safari DHTML "setAttributeNode" method DoS vulnera


Post by J-M » Wed 05 Jul, 2006 4:45 pm

Information about a new advisory has been released at
http://www.frsirt.com/english/advisories/2006/2671

From the advisory:

A vulnerability has been identified in Apple Safari, which could be exploited by attackers to cause a denial of service. This flaw is due to a NULL pointer dereference error when handling a specially crafted DHTML "setAttributeNode()" method, which could be exploited by attackers to crash a vulnerable browser by tricking a user into visiting a malicious web page.


Advisory states version 2.0.4 (419.3) and earlier as affected.
Antony and others, is this the newest available (probably yes)?

J-M: edited to fix two typos.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Last edited by J-M on Wed 05 Jul, 2006 6:39 pm, edited 3 times in total.

Post by J-M » Wed 05 Jul, 2006 6:42 pm

Okay, the original name of the security issue is Apple Safari DHTML "setAttributeNode" Method Remote Denial of Service Vulnerability.
The word 'vulnera' was used due to limitations of the Subject field :)
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Last edited by J-M on Wed 05 Jul, 2006 6:43 pm, edited 1 time in total.

Post by Antony » Wed 05 Jul, 2006 10:44 pm

Thanks for reporting. I hope Apple will release an update shortly.
UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3

Post by J-M » Sat 29 Jul, 2006 4:30 am

Probably they don't release a separate Safari update before the next security update packages, however.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fi; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4

