Apple Safari Address Bar Spoofing Vulnerability June-10 (Win) Network Vulnerability

Summary

The host is installed with Apple Safari and is prone to spoofing vulnerability.

Impact

Successful exploitation will let attackers to conduct spoofing attacks via a crafted HTML document. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to an error in handling of address bar, which does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content.

Affected

Apple Safari version 5.0(5.33.16.0) and prior on Windows.

References

http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html
https://bugzilla.mozilla.org/show_bug.cgi?id=556957

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2454
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Multiple Vulnerabilities - 01 Mar14
Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
Apple Remote Desktop Information Disclosure Vulnerability
Apache /server-info accessible

Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)

Take action and discover your vulnerabilities