CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2009-0137

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile15.22th
Published2009年2月13日
Last Modified2026年4月23日

Vulnerability Description

Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."

Affected Platforms (CPE)

📦
Apple

Safari

All versions

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
🔗 http://lists.apple.com/archives/security-announce/2009/Feb/msg00001.html
🔗 http://support.apple.com/kb/HT3438
🔗 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
🔗 http://lists.apple.com/archives/security-announce/2009/Feb/msg00001.html
🔗 http://support.apple.com/kb/HT3438

相關漏洞威脅

CVE-2004-053910.0

The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which cou...

CVE-2007-284310.0

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via J...

CVE-2004-009210.0

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...