|
##############################################################
- S21Sec Advisory -
##############################################################
Title: Safari 2 Denial of Service
ID: S21SEC-039-en
Severity: Medium - Remote DoS
History: 15.Jul.2007 Vulnerability discovered
22.Jul.2007 Vendor contacted
27.Jul.2007 Vendor confirmed the vulnerability
26.Oct.2007 Safari 3 in Leopard
14.Nov.2007 Safari 3 in Tiger
Scope: Remote Denial of Service
Platforms: MacOSX
Author: David Barroso (dbarroso@s21sec.com)
URL: http://www.s21sec.com/avisos/s21sec-039-en.txt
Release: Public
[ SUMMARY ]
According to Wikipedia, Safari is a web browser developed by Apple Inc.
and included in Mac OS X.
It was first released as a public beta on January 7, 2003, as the default
browser in Mac OS X v10.3. A beta version for Microsoft Windows was
released for the first time on June 11, 2007 with support for Windows XP
and Windows Vista
[ AFFECTED VERSIONS ]
Following versions are affected with this issue:
- Safari Version 2 (MacOSX Version)
[ DESCRIPTION ]
A crafted HTML page can make Safari crash when trying to parse the page
due to an unproper validation in the KHTML Webkit.
Example: