CVE-2020-9860

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Safari versions prior to 13.0.5

Description A custom URL scheme handling issue was addressed with improved input validation. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.

Recommendations For versions prior to 13.0.5, update to Safari 13.0.5 to resolve the issue. As a temporary workaround, consider avoiding the use of custom URL schemes until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-9860

Affected Products

Safari

CVE-2020-9860

Related Identifiers

Affected Products

References · 4