CVE-2008-1999 Information

Description

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many \invisible\ characters in the userinfo subcomponent of the authority component of the URL (aka the user field) as demonstrated by E38080 sequences.

Reference

http://es.geocities.com/jplopezy/pruebasafari3.html http://secunia.com/advisories/29900 http://securityreason.com/securityalert/3833 http://www.securityfocus.com/archive/1/491192/100/0/threaded http://www.vupen.com/english/advisories/2008/1347 https://exchange.xforce.ibmcloud.com/vulnerabilities/41981