CVE-2009-1727

Metadata

CVE-2009-1727
6.8
lists.apple.com, support.apple.com, securityfocus.com, us-cert.gov, vupen.com, exchange.xforce.ibmcloud.com
2009-08-06
2017-08-17 06:09

Description

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.

Related Vulnerabilities