Security researcher Robert Swiecki has found yet another hole in WinSafari—this time in the newly patched 3.0.1 version that Apple hurried out in response to holes Swiecki and others found in the browser beta earlier last week.
The vulnerability can be exploited through a malicious Web site: an attacker can fill a victim’s URL bar with whatever address he or she chooses and can also fill the client browser window with arbitrary content.
Swiecki tested the vulnerability on what he called the “shiny, new, patched Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2.”
Another security researcher, Mark Senior, reported that he tested the vulnerability on OS X, Safari 2.0.4, OmniWeb 5.5.4, and Camino 1.0.3. Although all “have different behaviors,” none is vulnerable, he said.
Apple hadn’t responded to requests for comment by the time this was posted.