Network Security News – Thursday, September 29, 2005 Events
Mac OS X Safari Remote Web Archive Processing XSS
Mac OS X contains an unspecified flaw that allows a remote cross-site scripting attack. The flaw exists because Safari allows the viewing of remote web archives, which may be rendered as content from sites that did not serve them. This could allow a user to create a specially crafted archive that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19709
FreeBSD devfs Device Disclosure jail(2) Bypass
The device file system (devfs) on FreeBSD contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when devfs fails to sufficiently check parameters of the node type during device creation. This allows a malicious user to bypass devfs rulesets and access hidden device nodes on devfs-mounted file systems within a jail. This flaw may lead to a loss of confidentiality, integrity and/or availability. Read more at osvdb.org/18123