[Original text] Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.
Mac OS X contains a flaw that may allow a malicious user to spoof dialog boxes from inactive browser windows. The issue is triggered when a user is sent a malicious URL, which then launches a window that appears to be initiated by the web site in the active window. It is possible that the flaw may allow users to be tricked into revealing sensitive information, resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.
Apple Safari is reported prone to a cross-domain dialog box spoofing vulnerability. This issue may allow a remote attacker to carry out phishing-style attacks, as an attacker may exploit this vulnerability to spoof an interface of a trusted web site.
Apple Safari 1.2.3 (v125.9) is reported vulnerable to this issue. It is likely that other versions are affected as well.
An exploit is not required.
A proof of concept is available from the following location: