OSVDB ID: 84207

Title: WebKit Canonicalization URL Handling location.href Property XSS Weakness

Info

Dates

Disclosure: Jul 25, 2012
Discovery: Unknown
Exploit: Unknown
Solution: Jul 25, 2012

Description

WebKit contains a flaw that is triggered when a canonicalization error occurs during the handling of URLs. This may allow a remote attacker to conduct cross-site scripting attacks against websites using the location.href property.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Third-Party Solution
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not currently aware of a solution for this vulnerability. Upgrade to Apple Safari version 6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Inc. Safari 5.1.7

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84207