Apple Safari 1.0 up to and including 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote malicious users to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple safari 1.1 |
||
apple safari 1.0 |
||
apple mac os x 10.2.8 |
||
apple mac os x 10.3.1 |
||
apple mac os x server 10.2.8 |
||
apple mac os x server 10.3.1 |