CVE-2010-0044

2010-03-15T13:28:00
ID CVE-2010-0044
Type cve
Reporter cve@mitre.org
Modified 2017-09-19T01:30:00

Description

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

'PubSub CVE-ID: CVE-2010-0044 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies Description: An implementation issue exists in the handling of cookies set by RSS and Atom feeds. Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies via the "Accept Cookies" preference. This update addresses the issue by respecting the preference while updating or viewing feeds.' Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/'