Safari 1.1 vulnerable to old cookie exploit

[Follow-up: this issue has been fixed on Dec. 5]

SecurityFocus reports that Safari 1.1 is vulnerable to an old Mozilla cookie exploit that was reported about a year ago (perform the test to see by yourself).

6 Comments

So what, if anything, are we advised to do? Stop using the browser altogether?

Report that URL in droves through the "Report Bugs to Apple" and ask them to fix this hole asap. And avoid spams or dubious sites that could use such a trick to sniff your cookies :-).

Just out of interest, someone has developed an input manager to workaround the bug. Via Macintouch, Cookie Monster Fix.

Good tip G, or I should say that it seems like a good tip. For all I know, my cookies are all being send to the CIA now *snarf*

On the paranoia tip, the fix is unofficial and although the source code is bundled with the input manager I have no way of knowing if this is right way to go. The security focus list has a message with a disclaimer -- use it at your own risk!

Such is life. Without the patch I am exposed, with the patch I might be.

mensuelles Archives

Recent Entries

  • Steve Jobs

    "Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life. Because...

  • Your privacy on MOTOBLUR by Motorola

    After the Nokia Ovi Store carelessness, it's now Motorola who's allowing strangers to get access to your private information on their MOTOBLUR portal. Exactly like...

  • How to resume a broken ADC download

    (I'm documenting this trick for myself to remember, but it can be useful for others…) Apple, on its Apple Developer Connection site, has a bad...

  • WTF is this ‘myEventWatcherDiv’ doing in my web?

    All of a sudden I started to find the following line in most of the web pages I was browsing, including ones I made where...

  • Your privacy on Nokia Ovi Store

    My friend Adam Greenfield recently complained about the over-engineering culture at Nokia: I was given an NFC phone, and told to tap it against the...