Safari Beta 3.0.2 for Windows fixes another batch of vulnerabilities
Apple has released a new version of its Microsoft Windows web browser. Safari Beta 3.0.2 fixes four newly found vulnerabilities:
Impact: A maliciously crafted website may control the contents of the address bar
Description: In Safari Beta 3.0.1 for Windows, a timing issue allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.
Impact: Visiting a malicious website may allow cross-site scripting
Impact: Visiting a malicious website may allow cross-site requests
Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could conduct cross-site scripting attacks. This update addresses the issue by performing additional validation of header parameters.
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution.