Comments on: Stealing More Files with Safari http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/?utm_source=rss&utm_medium=rss&utm_campaign=stealing-more-files-with-safari Thoughts on Security in an Uncivilized World… Fri, 27 Apr 2012 13:53:43 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Safari 3.2.2 Feed Protocol Handler Issues | SecurityGuy.org http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/comment-page-1/#comment-1758 Safari 3.2.2 Feed Protocol Handler Issues | SecurityGuy.org Fri, 07 Jan 2011 10:05:55 +0000 http://xs-sniper.com/blog/?p=219#comment-1758 [...] had reported to Apple earlier in the year.  The details of the original vulnerability can be found here.  Once PoC for the original bug was made public, a researcher named Alfredo Melloni contacted me [...] [...] had reported to Apple earlier in the year.  The details of the original vulnerability can be found here.  Once PoC for the original bug was made public, a researcher named Alfredo Melloni contacted me [...]

]]> By: mike face http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/comment-page-1/#comment-749 mike face Tue, 24 Mar 2009 21:43:46 +0000 http://xs-sniper.com/blog/?p=219#comment-749 i like to share all your p@rn thru this exploit. i like to share all your p@rn thru this exploit.

]]> By: xssniper http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/comment-page-1/#comment-735 xssniper Tue, 17 Feb 2009 06:29:34 +0000 http://xs-sniper.com/blog/?p=219#comment-735 @John - From a pure security engineering standpoint, giving the feed:// protocol access to the local file system is a bad idea. I'm not sure why the design is as it is, but I'm guessing that it is a side effect of loading the feed HTML templates from the local file system @John – From a pure security engineering standpoint, giving the feed:// protocol access to the local file system is a bad idea. I’m not sure why the design is as it is, but I’m guessing that it is a side effect of loading the feed HTML templates from the local file system

]]> By: Grab bag: Simplify Media and the stimulus package (Jarrett House North) http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/comment-page-1/#comment-734 Grab bag: Simplify Media and the stimulus package (Jarrett House North) Tue, 17 Feb 2009 01:08:15 +0000 http://xs-sniper.com/blog/?p=219#comment-734 [...] Stealing More Files with Safari (Billy (BK) Rios) Explaining the XSS vulnerability in Safari’s RSS feed reader. Seems to have been a specific problem for the filtering strategy that Apple used to filter feed content. (tags: security xss safari) [...] [...] Stealing More Files with Safari (Billy (BK) Rios) Explaining the XSS vulnerability in Safari’s RSS feed reader. Seems to have been a specific problem for the filtering strategy that Apple used to filter feed content. (tags: security xss safari) [...]

]]> By: john fsck http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/comment-page-1/#comment-731 john fsck Sat, 14 Feb 2009 09:36:13 +0000 http://xs-sniper.com/blog/?p=219#comment-731 Hey, just curious, any legitimate reason why feed:// would need access to the local filesystem? I thought it would behave similar to other cross domain situations. Hey, just curious, any legitimate reason why feed:// would need access to the local filesystem? I thought it would behave similar to other cross domain situations.

]]>