homepage Welcome to WebmasterWorld Guest from 23.23.9.5
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

    
Apple Safari, critical code bug
Watch out for pop ups
tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4130606 posted 4:17 am on May 11, 2010 (gmt 0)

The latest version of Apple's Safari browser contains a critical bug that allows attackers to install malware on end user machines, security researchers have warned.

The flaw in the way Safari handles parent windows can be exploited "to execute arbitrary code when a user visits a specially-crafted webpage and closes opened pop-up windows," vulnerability tracking service Secunia warned here.

The vulnerability could also be exploited using booby-trapped email that's read using Safari, the US Computer Emergency Readiness Team said on Monday. It has been confirmed in version 4.0.5 for Windows, and the latest Mac version may also be affected.

[theregister.co.uk...]

 

graeme_p

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4130606 posted 9:27 am on May 11, 2010 (gmt 0)

Why does email need to be read using a browser with Javascript enabled?

Why, for that matter, does reading email require a heavyweight rendering engine? There are plenty of light embeddable ones that would be harder to exploit.

tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4130606 posted 4:03 pm on May 11, 2010 (gmt 0)

The popularity of webbased email makes it an ideal avenue for malware attacks... hence using a browser to read email. I do agree that JS, for the most part, should be deactivated at all times... activated only on a case by case basis.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved