Another flaw within Safari 3.0 for Windows beta

Security researcher Robert Swiecki disclosed yesterday another vulnerability within the new Safari 3.0 for Windows beta, bringing the total of public vulnerabilities to nine. The latest flaw allows an attacker to steal a cookie. The flaw exists in the Javascript's window.setTimeout()implementation where the content timer-triggered function is processed after window.location property is changed.

In response to other Safari 3.0 vulnerabilities, Apple today released an updated version that addresses three of the nine public vulnerabilities.

[MadKiwi]

B-E-T-A

While it is disappointing to see so many apparent flaws appearing so quickly remember this is BETA software. Anyone stupid enough to replace their current browser with ANY beta software and then use for all their everyday browsing deserves what they get.

Safari 3 beta is NOT ready for prime time. As well as the security issues it crashes when trying to authenticate to a proxy server and, in my case, fails to load pages on our protected intranet.

I look forward to Apple getting Safari right as it has some really nice features but in the mean time it will NOT be anything but a test piece of software for me.

Finally, IMHO, this is turning out to be somewhat of a PR disaster for Apple...

[MaLvaDo39]

BAY TUH!

Crazy people! Of course BETA is not ready for prime time.

Stop trying to use it as your main browser and expect it to be a
release version.

Any publicity is good publicity especially the day when the news
comes through saying Safari is ready for full release.

[TheBugsAttack]

Safari 3.0.1 Beta fixes FIVE of the vulnerabilities

The version released today (3.0.1 Beta) addresses five of the
(now) nine vulnerabilities, not three as the article incorrectly
states:

http://www.rec-sec.co.il/2007/06/12/apple-safari-for-
windows-vulnerabilities/

Look at the end of the page for the five fixed and three of the
(yet) un-fixed vulnerabilities.