Apple’s Safari browser is beginning to look like a bullet-ridden car in Iraq.
According to a warning posted to security mailing lists, there are multiple security flaws in Safari 3.1.1 that put users at risk of ID-theft spoofing attacks or, worse, expose them to drive-by malware downloads.
I have confirmed the spoofing bug based on a proof-of-concept provided in the warning.
Safari is also vulnerable to at least two different denial-of-service attacks that could be more dangerous if hackers find a way to exploit the browser crashes.
In the absence of a patch, Safari users should consider using a different browser (Firefox or Opera).