Operating System:

[WIN]

Published:

15 November 2007

Protect yourself against future threats.

//Service

Member Security Incident Notifications

Be proactive with your security and receive our daily Member Security Incident Notifications (MSINs) custom to your network.

Read more
Resources > Security Bulletins > ESB-2007.0915 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                          ESB-2007.0915 -- [Win]
                   Safari 3 Beta Update 3.0.4 (Windows)
                             15 November 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Safari
                      WebCore
                      WebKit
Publisher:            Apple
Operating System:     Windows
Impact:               Execute Arbitrary Code/Commands
                      Cross-site Scripting
                      Access Confidential Data
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-4812 CVE-2007-4698 CVE-2007-4692
                      CVE-2007-4671 CVE-2007-3760 CVE-2007-3758
                      CVE-2007-3756 CVE-2007-2754 CVE-2007-1352
                      CVE-2007-1351

Ref:                  ESB-2007.0913

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-11-14 Safari 3 Beta Update 3.0.4 (Windows)

Safari 3 Beta Update 3.0.4 (Windows) is now available and addresses
the following issues:

Safari
CVE-ID:  CVE-2007-4692
Available for:  Windows XP or Vista
Impact:  An issue in Safari Tabbed browsing may lead to the
disclosure of user credentials
Description:  An implementation issue exists in the Tabbed browsing
feature of Safari. If HTTP authentication is used by a site being
loaded in a tab other than the active tab, an authentication sheet
may be displayed although the tab and its corresponding page are not
visible. The user may consider the sheet to come from the currently
active page, which may lead to the disclosure of user credentials.
This update addresses the issue through improved handling of
authentication sheets. Credit to Michael Roitzsch of Technical
University Dresden for reporting this issue.

Safari
CVE-ID:  CVE-2007-1351, CVE-2007-1352, CVE-2007-2754
Available for:  Windows XP or Vista
Impact:  Multiple vulnerabilities in FreeType v2.2.1
Description:  Multiple vulnerabilities exist in FreeType v2.2.1, the
most serious of which may lead to arbitrary code execution. This
update addresses the issue by updating FreeType to version 2.3.5.
Further information is available via the FreeType site at
http://www.freetype.org/

WebCore
CVE-ID:  CVE-2007-3758
Available for:  Windows XP or Vista
Impact:  Visiting a malicious website may lead to cross-site
scripting
Description:  A cross-site scripting issue in Safari allows malicious
websites to set JavaScript window properties of websites served from
a different domain. By enticing a user to visit a maliciously crafted
web page, an attacker may be able to get or set the window status and
location of pages served from other websites. This update addresses
the issue by providing improved access controls on these properties.
Credit to Michal Zalewski of Google Inc. for reporting this issue.

WebCore
CVE-ID:  CVE-2007-3760
Available for:  Windows XP or Vista
Impact:  Visiting a malicious website may lead to cross-site
scripting
Description:  A cross-site scripting issue in Safari allows a
malicious website to bypass the same origin policy by hosting
embedded objects with javascript URLs. By enticing a user to visit a
maliciously crafted web page, an attacker may cause the execution of
JavaScript in the context of another site. This update addresses the
issue by restricting the use of the javascript URL scheme and adding
additional origin validation for these URLs. Credit to Michal
Zalewski of Google Inc. and Secunia Research for reporting this
issue.

WebCore
CVE-ID:  CVE-2007-3756
Available for:  Windows XP or Vista
Impact:  Visiting a malicious website may lead to the disclosure of
URL contents
Description:  Safari may allow a web page to read the URL that is
currently being viewed in its parent window. By enticing a user to
visit a maliciously crafted web page, an attacker may be able to
obtain the URL of an unrelated page. This update addresses the issue
through an improved cross-domain security check. Credit to Michal
Zalewski of Google Inc. and Secunia Research for reporting this
issue.

WebKit
CVE-ID:  CVE-2007-4671
Available for:  Windows XP or Vista
Impact:  JavaScript on websites may access or manipulate the contents
of documents served over HTTPS
Description:  An issue in Safari allows content served over HTTP to
alter or access content served over HTTPS in the same domain. By
enticing a user to visit a maliciously crafted web page, an attacker
may cause the execution of JavaScript in the context of HTTPS web
pages in that domain. This update addresses the issue by preventing
JavaScript access from HTTP to HTTPS frames. Credit to Keigo Yamazaki
of LAC Co., Ltd. (Little eArth Corporation Co., Ltd.) for reporting
this issue.

WebKit
CVE-ID:  CVE-2007-4698
Available for:  Windows XP or Vista
Impact:  Visiting a malicious website may lead to cross-site
scripting
Description:  Safari allows JavaScript events to be associated with
the wrong frame. By enticing a user to visit a maliciously crafted
web page, an attacker may cause the execution of JavaScript in the
context of another site. This update addresses the issue by
associating JavaScript events with the correct source frame.

WebKit
CVE-ID:  CVE-2007-4812
Available for:  Windows XP or Vista
Impact:  Visiting a malicious website may lead to arbitrary code
execution
Description:  A buffer overflow exists in Safari's handling of the
status bar. By enticing a user to visit a maliciously crafted web
page, an attacker may cause arbitrary code execution. This update
addresses the issue by re-implementing the status bar handling.

Safari 3 Beta Update 3.0.4 (Windows) is available via the Apple
Software Update application, or Apple's Safari download site at:
http://www.apple.com/safari/download/

Safari for Windows XP or Vista
The download file is named:  "SafariSetup.exe"
Its SHA-1 digest is:  54f68120298fd628255474d13e10562fcdbf2a14

Safari+QuickTime for Windows XP or Vista
The download file is named:  "SafariQuickTimeSetup.exe"
Its SHA-1 digest is:  a8afe488e2afcc8ccc9425792d5fc74ac9e25d10

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: 9.7.0.867

wsBVAwUBRztc8MgAoqu4Rp5tAQi2PQgAsBkFgf2vdsiiPOvdOLJ9kWiZaw9Q4lfd
V5ntJlzUR09257XFZWYckraUZXaeZkuBbcSZsrCijiZuk9vj7a5F5uw4nSAvT/hp
cNkPHd6GK5jYvyQVyrTOfFTRWwXQlNMN5UEZuS9puLZqUwDCVcoQGA/ex/qFsjH1
baR5Cl05StMdTN0KBhocY8HZNr+iWDEx57t1VdEyQVZqfImbxh94DmzKJ/EJhWZ8
tgi1EisLjMBnA/OlTDyScdCQTdJmXF4BRf+4/pCvJAJPWkLcRFV7GcE5Cby9RJK7
GYtjFV9GKuYiBNmX/Ku/C5y2KqfSXJqiSSHs7YkEGeURKuK4sbJLqw==
=iPVV
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRzu/qSh9+71yA2DNAQIHBQP/QPvJ8uwV9rK0DWhG42aD+1JfDH1YTJPA
IPBxH/UijyMpHyLNfvUaICHTlMAZkCkv4xlW+2GTZnnqAt2rdbSSra60RXfdrkA6
nDee6jV7SfU1Vc759of6z5qbWwGg3hvmiHeJkbWgoGcicy4fte76M61mAEgkOUBc
CJucTlTeKa8=
=KyUm
-----END PGP SIGNATURE-----