CVE-2007-4692

Name of the Vulnerable Software and Affected Versions: Apple Safari versions 3.0 through 3.0.3 on Windows Apple Safari on Mac OS X versions 10.4 through 10.4.10

Description: The issue allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks. This is achieved by causing an authentication sheet to be displayed for a non-active tab, making it appear as if it is associated with the active tab.

Recommendations: For Apple Safari versions 3.0 through 3.0.3 on Windows, update to Beta Update 3.0.4 or later. For Apple Safari on Mac OS X versions 10.4 through 10.4.10, consider upgrading to a later version of Mac OS X that includes an updated version of Safari.