Forum Thread: Apple Safari Stylesheet Redirection Information Disclosure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

Secunia Apple Safari Stylesheet Redirection Information Disclosure
Secunia Official 12th Mar, 2010 19:08
Location: Copenhagen, DK
Cesar Cerrudo has discovered a vulnerability in Apple Safari, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused by the application following redirects for stylesheets and allowing the target URL to be read. This can be exploited on sites that use redirects to URLs containing potentially sensitive information, e.g. within the query string.

This is related to vulnerability #8 in:
SA28758

NOTE: This does not affect redirects to URLs using HTTPS.

The vulnerability is confirmed in version 4.0.4 on Windows. Other versions may also be affected.
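
A site-side check for the condition the advisory describes, as an added example that is not part of the original thread or of Secunia's advisory: it scans redirect responses and flags those whose plain-HTTP target carries sensitive-looking query parameters. The sample responses are constructed, and the list of parameter names is an assumption to adapt per application.

```python
from urllib.parse import urljoin, urlsplit, parse_qsl

# Assumed list of parameter names that usually carry secrets or identifiers.
SENSITIVE_NAMES = {"token", "session", "sessionid", "sid", "auth", "key",
                   "apikey", "password", "email", "user", "account"}

# Constructed sample data: (request URL, status code, Location header).
SAMPLE_RESPONSES = [
    ("http://shop.example/account", 302, "/home?sid=8f3a91c2&lang=en"),
    ("http://shop.example/login", 302, "https://shop.example/home?sid=8f3a91c2"),
    ("http://shop.example/old", 301, "http://shop.example/new?page=2"),
    ("http://shop.example/profile", 200, None),
    ("http://sso.example/start", 303, "http://app.example/cb?Token=abc123&user=alice"),
]


def audit_redirects(responses):
    """Return findings for redirects whose plain-HTTP target exposes
    sensitive-looking query parameters. Values are never reported."""
    findings = []
    for request_url, status, location in responses:
        if not (300 <= status < 400) or not location:
            continue
        # Location may be relative; resolve it against the requested URL.
        target = urlsplit(urljoin(request_url, location))
        if target.scheme != "http":
            continue  # the advisory notes that HTTPS targets are not affected
        names = {name.lower()
                 for name, _ in parse_qsl(target.query, keep_blank_values=True)}
        exposed = sorted(names & SENSITIVE_NAMES)
        if exposed:
            findings.append({
                "request": request_url,
                "target": f"{target.scheme}://{target.netloc}{target.path}",
                "params": exposed,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_redirects(SAMPLE_RESPONSES):
        print(finding)
```

Redirects flagged this way are candidates for moving the value out of the query string or serving the target over HTTPS only.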

Websafe RE: Apple Safari Stylesheet Redirection Information Disclosure
Member 12th Mar, 2010 19:11
Location: NL
Last edited on 12th Mar, 2010 19:11
Apple has released a new version of its internet browser Safari (4.0.5).
Download: http://www.apple.com/safari/download/

Does this new version resolve the vulnerability mentioned in Secunia Advisory SA37931?

Have a nice day,
Websafe.