CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mac_os_x | Apple | 10.7.0 (including) | 10.7.0 (including) |
| Mac_os_x | Apple | 10.7.1 (including) | 10.7.1 (including) |
| Mac_os_x | Apple | 10.7.2 (including) | 10.7.2 (including) |
| Mac_os_x | Apple | 10.7.3 (including) | 10.7.3 (including) |
| Mac_os_x | Apple | 10.7.4 (including) | 10.7.4 (including) |
| Mac_os_x | Apple | 10.7.5 (including) | 10.7.5 (including) |
| Mac_os_x_server | Apple | 10.7.0 (including) | 10.7.0 (including) |
| Mac_os_x_server | Apple | 10.7.1 (including) | 10.7.1 (including) |
| Mac_os_x_server | Apple | 10.7.2 (including) | 10.7.2 (including) |
| Mac_os_x_server | Apple | 10.7.3 (including) | 10.7.3 (including) |