[37179] in bugtraq
Safari vulnerable to URL spoofing
daemon@ATHENA.MIT.EDU (Gilbert Verdian)
Tue Nov 2 02:35:32 2004
Mime-Version: 1.0 (Apple Message framework v619)
Content-Transfer-Encoding: 7bit
Message-Id: <2BB5E177-2B48-11D9-A9F4-000A95A012EE@neoresearch.org>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: bugtraq@securityfocus.com
From: Gilbert Verdian <gverdian@neoresearch.org>
Date: Mon, 1 Nov 2004 01:21:35 +1100
Following the discovery by Benjamin Tobias Franz for spoofing URLs in
IE by using tables within links.
http://www.packetstormsecurity.nl/0410-advisories/msieLink.txt
It is possible to spoof URLs under OS X in the latest Safari browser
1.2.3 (v125.9) by using the same method.
Ironically, this does not work with Internet Explorer on OS X version
5.2.3 (5815.1).
Tested on OS X 10.3.5 (build 7M34) with latest software update.
Further details and example at
http://www.neoresearch.org/[neo]safari_url_spoof.html
regards,
Gilbert Verdian
neoresearch.org
