Full title: Apple Safari 6.0.2 (OS X) file:// Multiple Vulnerabilities
Category: remote exploits
Platform: macOS

The Safari web browser allows documents opened with the file:// scheme to use JavaScript in ways that can be abused for malicious purposes, such as stealing information about the target user from websites such as social networks, modifying the contents of windows for other websites while keeping the original website address in the address bar, or even reading files from the local system and sending them to a server controlled by the attacker.

Remote exploitation is possible, since an HTML document can be opened by Safari with the file:// scheme even if it is on a remote system, such as an FTP server.

# 0day.today @ http://0day.today/