CVE-2010-0063: Apple Mac OS X vulnerability

3 documents, 3 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 0.3% (top 42.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 30; Latest update May 2

Description

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

NVD: apple/mac_os_x 10.6.2 (+12)
NVD: apple/mac_os_x_server 10.6.2 (+12)

Patches

Vulnerability Details (2)

GHSA: GHSA-x6fh-9494-hx2r: Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10 (2022-05-02)
CVEList: CVE-2010-0063: Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10 (2010-03-30)