PT-2007-3731 · Apple · Safari

Published 2007-06-21 · Updated 2018-10-16 · CVE-2007-2398

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Apple Safari version 3.0.1 beta (522.12.12)

Description

The issue allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content. This is achieved by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.

Recommendations

For Apple Safari version 3.0.1 beta (522.12.12), consider disabling use of the setTimeout() function in conjunction with location bar settings to minimize the risk of exploitation until a patch is available. Restrict the ability to modify the window title and address bar so that the window cannot be filled with arbitrary content.

Fix


Related Identifiers

CVE-2007-2398

Affected Products

Safari