CVE-2010-3796

Name of the Vulnerable Software and Affected Versions Safari versions prior to 10.6.5 in Mac OS X 10.5.8 and 10.6.x

Description The issue allows remote attackers to obtain sensitive information by using a feed: URL containing a Java applet that performs DOM modifications, as Safari does not block Java applets in an RSS feed.

Recommendations For Safari in Mac OS X 10.5.8 and 10.6.x before 10.6.5, consider disabling Java applets in RSS feeds until a patch is available. Restrict access to RSS feeds that may contain malicious Java applets to minimize the risk of exploitation.