homepage Welcome to WebmasterWorld Guest from 54.204.67.26
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

    
Apple Safari, critical code bug
Watch out for pop ups
tangor




msg:4130604
 4:17 am on May 11, 2010 (gmt 0)

The latest version of Apple's Safari browser contains a critical bug that allows attackers to install malware on end user machines, security researchers have warned.

The flaw in the way Safari handles parent windows can be exploited "to execute arbitrary code when a user visits a specially-crafted webpage and closes opened pop-up windows," vulnerability tracking service Secunia warned here.

The vulnerability could also be exploited using booby-trapped email that's read using Safari, the US Computer Emergency Readiness Team said on Monday. It has been confirmed in version 4.0.5 for Windows, and the latest Mac version may also be affected.

[theregister.co.uk...]

 

graeme_p




msg:4130695
 9:27 am on May 11, 2010 (gmt 0)

Why does email need to be read using a browser with Javascript enabled?

Why, for that matter, does reading email require a heavyweight rendering engine? There are plenty of light embeddable ones that would be harder to exploit.

tangor




msg:4130876
 4:03 pm on May 11, 2010 (gmt 0)

The popularity of webbased email makes it an ideal avenue for malware attacks... hence using a browser to read email. I do agree that JS, for the most part, should be deactivated at all times... activated only on a case by case basis.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved