Back to search
CVE-2009-1727
Published: Aug 6, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://support.apple.com/kb/HT3757
x_refsource_CONFIRM
36096
third-party-advisory
x_refsource_SECUNIA
macosx-coretype-code-execution(52420)
vdb-entry
x_refsource_XF
APPLE-SA-2009-08-05-1
vendor-advisory
x_refsource_APPLE
35954
vdb-entry
x_refsource_BID
56844
vdb-entry
x_refsource_OSVDB
ADV-2009-2172
vdb-entry
x_refsource_VUPEN
TA09-218A
third-party-advisory
x_refsource_CERT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now