{"vuid":"VU#289988","idnumber":"289988","name":"Apple Safari cross-domain HTTP redirection race condition","keywords":["Apple","Safari","race condition","JavaScript","redirected page","apple_2007-006"],"overview":"Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation.","clean_desc":"Apple Safari contains a race condition when updating pages. When this race condition is used in combination with an HTTP redirection, Safari may allow JavaScript to modify content in another domain, which is a violation of the same-origin policy. Note that this vulnerability is reported to only be in the Safari 3 beta, which is available for Mac OS X 10.4.9, Windows XP, and Vista.","impact":"By convincing a user to view a specially crafted HTML document (e.g., a web page, an HTML email message, or an email attachment), an attacker may be able to execute script or obtain full access to content in a different domain. The impact is similar to that of a cross-site scripting vulnerability. This includes the ability to spoof or modify web content, access website information such as cookies, or retrieve data from an encrypted HTTPS connection. For a more detailed description of the impact of cross-site scripting vulnerabilities, please see CERT Advisory CA-2000-02.","resolution":"Apply an update\nThis issue is addressed by Apple Safari Beta Update 3.0.2.","workarounds":"Disable JavaScript This vulnerability can be mitigated in Safari by disabling JavaScript. Guidelines for setting preferences in Safari can be found in the \"Securing Your Web Browser\" document.","sysaffected":"","thanks":"This vulnerability was reported by Apple, who in turn credit Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc.","author":"This document was written by Will Dormann.","public":["http://www.apple.com/safari/download/","http://www.mozilla.org/projects/security/components/same-origin.html","http://docs.info.apple.com/article.html?artnum=61798","http://docs.info.apple.com/article.html?artnum=306173","http://secunia.com/advisories/26287/"],"cveids":["CVE-2007-2400"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-06-21T20:37:50Z","publicdate":"2007-06-25T00:00:00Z","datefirstpublished":"2007-06-25T14:35:01Z","dateupdated":"2007-09-21T15:02:56Z","revision":11,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"3","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"7","cam_impact":"5","cam_easeofexploitation":"6","cam_attackeraccessrequired":"17","cam_scorecurrent":"0.4685625","cam_scorecurrentwidelyknown":"1.6065","cam_scorecurrentwidelyknownexploited":"2.94525","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.4685625,"vulnote":null}