Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | Patch Vendor Advisory |
http://support.apple.com/kb/HT4077 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apple
Published: 2022-10-03T16:21:12
Updated: 2022-10-03T16:21:12
Reserved: 2022-10-03T00:00:00
Link: CVE-2010-0063
JSON object: View
NVD Information
Status : Analyzed
Published: 2010-03-30T18:30:00.420
Modified: 2010-03-31T04:00:00.000
Link: CVE-2010-0063
JSON object: View
Redhat Information
No data.
CWE