CVE-2006-0388

Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:N/C:N/I:P/A:P

Exploitability : 1.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=303382
http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html	Patch
http://secunia.com/advisories/19064	Patch Vendor Advisory
http://securitytracker.com/id?1015713	Patch
http://www.securityfocus.com/bid/16907	Patch
http://www.us-cert.gov/cas/techalerts/TA06-062A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/0791	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25038
http://docs.info.apple.com/article.html?artnum=303382
http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html	Patch
http://secunia.com/advisories/19064	Patch Vendor Advisory
http://securitytracker.com/id?1015713	Patch
http://www.securityfocus.com/bid/16907	Patch
http://www.us-cert.gov/cas/techalerts/TA06-062A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/0791	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25038

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:mac_os_x:10.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.8:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.6:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.7:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.8:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::*

History

No history.

Information

Published : 2006-03-03 22:02

Updated : 2025-04-03 01:03

NVD link : CVE-2006-0388

Mitre link : CVE-2006-0388

CVE.ORG link : CVE-2006-0388

JSON object : View

Products Affected

apple

mac_os_x
mac_os_x_server

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

2.6 /10