Security Update 2004-12-02

Security Update 2004-12-02 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

Apache
AppKit
HIToolbox
Kerberos
Postfix
PSNormalizer
Safari
Terminal

For detailed information on this Update, please visit: Apple Security Updates

advertisement:

Safari Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8 CVE-ID: CAN-2004-1121 Impact: Specially crafted HTML can display a misleading URI the Safari status bar. Description: Safari could be tricked into displaying a URI in its status bar that was not the same as the destination of a link. This update corrects Safari so that it now displays the URI that will be activated when selected.


Safari
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-1122
Impact: With multiple browser windows active Safari users could be mislead about which window activated a pop-up window.
Description: When multiple Safari windows are open, a carefully timed pop-up could mislead a user into thinking it was activated by a different site. In this update Safari now places a window that activates a pop-up in front of all other browser windows. Credit to Secunia Research for reporting this issue.


Safari 1.2.4 (125.12)


Posted by Antony at December 3, 2004 10:01 AM

>> more MacCentre701 December 2004 reports.