Safari 4.0.4 DOS Failure of Exception Handling
Friday, February 5, 2010 at 09:13AM
drStrangeP0rk in Apple, DoS, Safari

Majorsecurity.info is reporting a DOS vulnerability in Safari 4.0.4 and earlier versions. The vulnerability exist in the WebKit engine making other applications vulnerable. Although not listed in the Major Security Advisory the Mac platform is vulnerable resulting in first a slow script error and then a application crash.

The proof of concept posted demonstrates the flaw by creating a host of marquee tags causing Safari to crash. It has been confirmed that this does affect MacOSX in addition to the Windows Platform. The script cannot lead to remote code execution. 

Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.