CVE-2007-2400 Information

Description

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X Windows XP Windows Vista and iPhone before 1.0.1 allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

Reference

http://docs.info.apple.com/article.html?artnum=306173 http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html http://osvdb.org/36452 http://secunia.com/advisories/26287 http://www.kb.cert.org/vuls/id/289988 http://www.securityfocus.com/bid/24599 http://www.securitytracker.com/id?1018282 http://www.vupen.com/english/advisories/2007/2316 http://www.vupen.com/english/advisories/2007/2731