The host is installed with Google Chrome before 17.0.963.83 or Apple Safari before 5.1.7 and is prone to cross-origin violation vulnerability. A flaw is present in the application, which fails to handle the Same Origin Policy. Successful exploitation could allow remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe".