Technology news and Jobs 
VIRTUALISATION Safari 3.1 includes security fixes
VIRTUALISATION Safari 3.1 includes security fixes | Safari 3.1 includes security fixes |
|
| by Stephen Withers | |
| Wednesday, 19 March 2008 | |
|
Page 1 of 2   
Featured Whitepaper
5 Best Practices for Smartphone Support
These relate to SSL certificate validation (fixed by Security Update 2007-008, Mac OS X 10.4.11 and 10.5 or later), proxy servers that deliver fake copies of secure pages (fixed in Mac OS X 10.5.2 or Security Update 2008-002 for Mac OS X 10.4.11) or a certain cross-site scripting attack that does not affect Mac OS X. Another cross-site scripting attack - one that uses exploits a flaw in the handling of javascript: URLs - is addressed on both platforms. Safari 3.1 carries out additional validation to prevent malicious sites from causing the execution of JavaScript in another site's context. Another nine fixes have been applied to the WebCore and WebKit frameworks used by Safari and other applications, and these affect Mac OS X and Windows. Seven of them relate to cross-site scripting vulnerabilities, another is an 'over the shoulder' vulnerability (it seems the Kotoeri input method sometimes failed to display the contents of password input fields as bullets) and the ninth is another example of our old favourite, the buffer overflow issue with the possibility of executing arbitrary code. Apple also claims Safari 3.1 is the first browser to support the new video and audio tags in HTML 5 and the first to support CSS Animations. CONTINUED |
| < Next story in category | Previous story in the category > |
|---|
