Summary
This host has the Apple Safari web browser installed and is prone to an address bar spoofing vulnerability.
Impact
Successful exploitation will let attackers conduct spoofing attacks via a crafted HTML document.
Impact Level: Application
Solution
Upgrade to Apple Safari version 5.1.2 or later.
For updates, refer to http://www.apple.com/support/downloads/
Insight
The flaw is due to an improper implementation of the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page.
Affected
Apple Safari version 5.0.5 on Windows
References
Severity
Classification
- CVE: CVE-2011-3844
- CVSS Base Score: 4.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari Webkit Multiple Vulnerabilities - March 2011
- Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)
- Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
- Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
- Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)