CVE-2006-3504 — Apple MAC OS X vulnerability

2 documents2 sources

Severity

5.1MEDIUMNVD

EPSS

0.4%

top 37.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedAug 3

Latest updateMay 1

Description

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDapple/mac_os_x10.4.7

▶NVDapple/mac_os_x_server10.4.7

🔴Vulnerability Details

GHSA

GHSA-xjp5-gg6j-cwrg: The Download Validation in LaunchServices for Apple Mac OS X 10↗2022-05-01

▶