Simon Willison’s Weblog

Items tagged security, safari in 2007

Filters: Year: 2007 × security × safari ×


Site-specific browsers and GreaseKit. New site-specific browser tool which lets you include a bunch of Greasemonkey scripts. For me, the killer feature of site-specific browsers is still cookie isolation (to minimise the impact of XSS and CSRF holes) but none of the current batch of tools advertise this as a feature, and most seem to want to share the system-wide cookie jar. # 25th October 2007, 7:56 am

(somewhat) breaking the same-origin policy by undermining dns-pinning. This is the best technical explanation of the DNS rebinding attack I’ve seen. The linked demo worked for me in Safari but not in Camino. # 2nd August 2007, 12:53 pm

Safari Beta 3.0.1 for Windows. A nice fast turnaround on fixes for security flaws in the beta. # 14th June 2007, 9:56 am

Safari for Windows, 0day exploit in 2 hours (via) Once again, down to handling of alternative URL protocol schemes. # 12th June 2007, 1:30 pm