 |
 |
 |
 |
 |
Information about your favorite browser: news, articles and more.
Zero day Flaw in Safari 3.0.03 Web Browser for Windows
Published October 13th, 2007 in Browser Security, Safari
A full disclosure report from Insecure.org refers to a flaw in Safari 3.0.3 which allows local zones to access external domains. The Safari 3 Public Beta was released on June 11 for Mac OS X and Windows XP/Vista. This beta version is for trial purposes and intended to gather feedback prior to a full release. True enough, we have found that the Safari version 3.0.3(522.15.5) Web browser for the Windows OS automatically downloads a file referred to in an IFRAME tag used on a certain site, for example,
iframe src=”http://www.XXXX.com/XXXX.exe” mce_src=”http://www.XXXX.com/XXXX.exe” name=”iframe” id=”iframe” Unlike IE and Firefox, which displays an alert message like the one below whenever a file is about to be downloaded onto the system, this Safari version does not display any sort of notification. Zero-day Flaw in Safari 3.0.03 Web Browser for Windows - TrendLabs | Malware Blog - by Trend Micro
