MoAB fingers minority browser

Stephen Withers
Monday, 08 January 2007 04:11

Your IT - Home IT

The Month of Apple Bugs has turned its attention to OmniWeb, a respected but little-used Mac-specific web browser.

The bug is "a format string vulnerability in the handling of Javascript alert() function, which could allow remote arbitrary code execution." It has only been verified in version 5.5.1; beta 4 of version 5.5.2 was released last month. Update: OmniWeb 5.5.2 went final yesterday and includes a fix for this bug.

Interestingly, the MoAB duo note that the sample exploit is "actually breaking WebKit [the engine that underlies Safari and other Mac OS X HTML applications], although Safari seems unaffected by this particular issue." Finlay Dobbie, one of the participants in the MoAB Fixes project, disagrees. In an online posting, he asserts the issue is specific to OmniWeb.

The suggested workaround is to use an alternative browser until a patch is released for OmniWeb.

OmniWeb does not show up in Net Applications' browser market share report for December 2006, implying it has a share of less that 0.01 percent. For comparison, Safari took third place behind Internet Explorer and Safari, with a 4.24 percent share.