CVE-2010-0063

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions prior to 10.6.3

Description The issue allows user-assisted remote attackers to execute arbitrary JavaScript via a web page, making it easier to exploit. This is due to an incomplete blacklist vulnerability in CoreTypes, which does not properly handle certain Content-Type values for Safari. Specifically, the values for the .ibplugin and .url extensions are not on the list of possibly unsafe content types.

Recommendations For Apple Mac OS X versions prior to 10.6.3, update to version 10.6.3 or later to resolve the issue. As a temporary workaround, consider restricting the handling of downloads with Content-Type values that are not explicitly marked as safe in Safari. Avoid using Safari to download files with potentially unsafe content types, such as .ibplugin and .url extensions, until the issue is resolved.