CVE Vulnerabilities

CVE-2009-1727

Published: Aug 06, 2009 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.

Affected Software

Name Vendor Start Version End Version
Mac_os_x_server Apple 10.5.2 10.5.2
Mac_os_x Apple 10.5.6 10.5.6
Mac_os_x Apple 10.5.5 10.5.5
Mac_os_x_server Apple 10.5.5 10.5.5
Mac_os_x Apple 10.5.1 10.5.1
Mac_os_x_server Apple 10.5.1 10.5.1
Mac_os_x_server Apple 10.5.6 10.5.6
Mac_os_x Apple 10.5.3 10.5.3
Mac_os_x Apple 10.5.0 10.5.0
Mac_os_x_server Apple 10.5.0 10.5.0
Mac_os_x_server Apple 10.5.3 10.5.3
Mac_os_x Apple 10.5 10.5
Mac_os_x_server Apple 10.5.4 10.5.4
Mac_os_x Apple 10.5.2 10.5.2
Mac_os_x_server Apple 10.5.7 10.5.7
Mac_os_x Apple 10.5.6 10.5.6
Mac_os_x Apple 10.5.7 10.5.7
Mac_os_x_server Apple 10.5 10.5
Mac_os_x Apple 10.5.4 10.5.4

References