-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                        ESB-2007.0456 -- [Win][OSX]
                     Apple Safari 3 Beta Update 3.0.2
                               25 June 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Safari 3 Beta
Publisher:            Apple
Operating System:     Mac OS X
                      Windows Vista
                      Windows XP
Impact:               Execute Arbitrary Code/Commands
                      Cross-site Scripting
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-2401 CVE-2007-2400 CVE-2007-2399
                      CVE-2007-2398

Original Bulletin:    http://www.apple.com/safari/download/

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-06-22 Safari 3 Beta Update 3.0.2

Safari
CVE-ID:  CVE-2007-2398
Available for:  Windows XP or Vista
Impact:  A maliciously crafted website may control the contents of
the address bar
Description:  In Safari Beta 3.0.1 for Windows, a timing issue allows
a web page to change the contents of the address bar without loading
the contents of the corresponding page.  This could be used to spoof
the contents of a legitimate site, allowing user credentials or other
information to be gathered.  This update addresses the issue by
restoring the address bar contents if a request for a new web page is
terminated.  This issue does not affect Mac OS X systems.

Safari
CVE-ID:  CVE-2007-2400
Available for:  Mac OS X v10.4.9 or later, Windows XP or Vista
Impact:  Visiting a malicious website may allow cross-site scripting
Description:  Safari's security model prevents JavaScript in remote
web pages from modifying pages outside of their domain.  A race
condition in page updating combined with HTTP redirection may allow
JavaScript from one page to modify a redirected page.  This could
allow cookies and pages to be read or arbitrarily modified.  This
update addresses the issue by correcting access control to window
properties.  Credit to Lawrence Lai, Stan Switzer, Ed Rowe of Adobe
Systems, Inc for reporting this issue.

WebCore
CVE-ID:  CVE-2007-2401
Available for:  Mac OS X v10.4.9 or later, Windows XP or Vista
Impact:  Visiting a malicious website may allow cross-site requests
Description:  An HTTP injection issue exists in XMLHttpRequest when
serializing headers into an HTTP request.  By enticing a user to
visit a maliciously crafted web page, an attacker could conduct
cross-site scripting attacks.  This update addresses the issue by
performing additional validation of header parameters.  Credit to
Richard Moore of Westpoint Ltd for reporting this issue.

WebKit
CVE-ID:  CVE-2007-2399
Available for:  Mac OS X v10.4.9 or later, Windows XP or Vista
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  An invalid type conversion when rendering frame sets
could lead to memory corruption.  Visiting a maliciously crafted web
page may lead to an unexpected application termination or arbitrary
code execution.  Credit to Rhys Kidd of Westnet for reporting this
issue.

Note:  This update will appear for systems running Safari 3 Beta.  It
includes the entire contents of Security Update 2007-006.  Security
Update 2007-006 itself will not appear via Software Update for
systems that have installed Safari 3 Beta.

Safari 3 Beta Update 3.0.2 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/

For Mac OS X
The download file is named:  "Safari302Beta.dmg"
Its SHA-1 digest is:  b8ee8d7c1ac3237de2ab0524077a20bae7f55001

Safari for Windows XP or Vista
The download file is named:  "SafariSetup.exe"
Its SHA-1 digest is:  3cbbf5a09ece4cac7f35b79f67b6990d5c0565f3

Safari+QuickTime for Windows XP or Vista
The download file is named:  "SafariQuickTimeSetup.exe"
Its SHA-1 digest is:  7f0ea984bbdcbba4a3a85d785f2fdb810ed3954a

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRnw3ccgAoqu4Rp5tAQgYvwf/VJn4IiZRU7UDu+bDn5b9QFfZ+HqvukiY
6lqba2GXPO7WS6wqkFafUVDBB/PDsQ75BbzPwi1Mr/UDBxUj6d5OvnyUDJ0D9bG8
uDQujhZazEUuhDYom+IqC6OgVr1jMF70RI/nPNr14GGFXLF+IuIlTtLu9UHi5nME
OzQ+W6THIBxhfckgP0CGkh5wi7BdSSfo0UviY+tg8+F1GQieNysk1FNtj3JspQOD
NB/3v6bmPlFwJayNqVjYlduIa6ycCvJhpeupWFzNqOjeEIwlhlv3BSsrnWPZVd4f
YiibgfkYXMO0f0UPx3iwzimux88mlD2wvgqBn7lEfobVsCTJD5dCPA==
=vzAk
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRn8Xxyh9+71yA2DNAQJofQP/cNjIns272+4K3Q84PssLYrPIsFjM5qBz
vvV4qPefYACJuhWsocClBqccRvJcNwc4sySfCYVVbBiYamSRFH9jMgshoIFUhqnV
3pk+HDvctLoonRvsbfBZzx83cEKn5XU7jemcJyc5BOT5GvqGVAYJ/Pvvu28/gtoh
aBoysMH/4MM=
=f575
-----END PGP SIGNATURE-----