CVE-2008-1006 Information

Description

Cross-site scripting (XSS) vulnerability in WebCore as used in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

Reference

http://docs.info.apple.com/article.html?artnum=307563 http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html http://secunia.com/advisories/29393 http://www.securityfocus.com/bid/28290 http://www.securityfocus.com/bid/28332 http://www.securitytracker.com/id?1019653 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0920/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41326