Safari Address Bar Spoofing and Memory Corruption Vulnerabilities
http://secunia.com/advisories/29483/
Critical: Highly critical
Impact: Spoofing System access
Where: From remote
Solution Status: Unpatched
" Juan Pablo Lopez Yacubian has discovered two vulnerabilities in
Safari, which can be exploited by malicious people to conduct spoofing
attacks or potentially compromise a user's system.
1) An error when downloading e.g. a .ZIP file with an overly long
filename can be exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
2) An error in the handling of windows can be exploited to display
arbitrary content while showing the URL of a trusted web site in the
address bar. "
Should Windows users boycott Apple's Safari?
http://blogs.computerworld.com/should_wind...t_apples_safari
If you're going to use Safari be aware of the 2 unpatched Critical
vulnerabilities it has and the means by which Apple is distributing it.
MowGreen [MVP 2003-2008]
===============
-343- FDNY
Never Forgotten
===============
newcontributor wrote:
<span style="color:blue">
> I tried to download some freeware from "superantispyware", a utility
> recommended on a Zonealarm forum.
> As I said in my earlier post, the download worked OK with Firefox, but not
> when I used the safari browser.
>
> "Nobody" wrote:
>
> <span style="color:green">
>>What are you trying to download and from where?
>>
>>"newcontributor" <newcontributor@discussions.microsoft.com> wrote in message
>>news:4744CC64-FB76-4355-9EEB-D5CDAB27A013@microsoft.com...
>><span style="color:darkred">
>>>Windows will not let me download .exe files.As soon as download finishes
>>>it
>>>says it "this file is potentially harmful" and "has blocked access to this
>>>file".The file does not appear in the "my downloads" folder.
>>>How do I tweak Windows XP so I can download useful utilities ? </span>
>>
>>
>></span></span>