CESA-2008-004 - rev 2

[See all my vulnerabilities at http://scary.beasts.org/security]

[To subscribe to new findings, see the blog at http://scarybeastsecurity.blogspot.com/]

Safari libxslt attack vector

Programs affected: Safari.
Severity: Possible remote code execution in browser.
Apple advisory: APPLE-SA-2008-07-11

Safari (and WebKit) use libxslt for XSLT support in the browser. Until this Apple update, the libxslt version used had known crashes and vulnerabilities, for example:



XSLT in browsers would seem to be an under-researched attack vector. XSLT is a Turing-complete language, which always makes it an interesting part of the attack surface.

Demo URL to flatten Safari: http://scary.beasts.org/misc/msxml.xml


Chris Evans