PT-2007-6814 · Apple · Macos X
Published
2007-12-19
·
Updated
2017-07-29
·
CVE-2007-5854
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Apple Mac OS X versions 10.4.11 through 10.5.1
Description
The issue allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file, as Launch Services does not treat HTML files as unsafe content.
Recommendations
For Apple Mac OS X versions 10.4.11 through 10.5.1, consider treating HTML files as unsafe content to prevent cross-site scripting (XSS) attacks or sensitive information disclosure until a patch is available. As a temporary workaround, restrict the handling of HTML files by Launch Services to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Macos X