---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: Safari AutoFill Information Disclosure SECUNIA ADVISORY ID: SA23066 VERIFY ADVISORY: http://secunia.com/advisories/23066/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: >From remote SOFTWARE: Safari 2.x http://secunia.com/product/5289/ DESCRIPTION: A vulnerability has been discovered in Safari, which can be exploited by malicious people to conduct phishing attacks. The vulnerability is caused due to the AutoFill feature is not properly checking the URL before automatically filling saved user credentials into forms. This may be exploited to steal user credentials via malicious forms in the same domain. Successful exploitation requires that the "User names and passwords" option is enabled in the AutoFill preferences. The vulnerability is confirmed in version 2.0.4. Other versions may also be affected. SOLUTION: Disable the "AutoFill" option for user names and passwords in the preferences. ORIGINAL ADVISORY: https://bugzilla.mozilla.org/show_bug.cgi?id=360493 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------