CVE-2011-3218

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions through 10.6.8

Description The issue allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks. This occurs when the "Save for Web" selection in QuickTime Player exports HTML documents containing an http link to a script file, which can be spoofed by an attacker during local viewing of an exported document.

Recommendations For Apple Mac OS X versions through 10.6.8, consider disabling the "Save for Web" feature in QuickTime Player as a temporary workaround to minimize the risk of exploitation. Restrict access to http links in exported HTML documents to prevent cross-site scripting attacks.