Mac OS X CoreTypes Crafted Archive JavaScript Same-origin Policy Bypass

2006-03-10T17:47:38
ID OSVDB:23873
Type osvdb
Reporter OSVDB
Modified 2006-03-10T17:47:38

Description

Vulnerability Description

Mac OS X CoreTypes contains a flaw that may allow a malicious webpage to access the properties of another domain. The issue is triggered by the application's failure to properly enforce the same-origin policy for JavaScript remote data access. The flaw may allow disclosure of sensitive information or facilitate other attacks against a user of the browser, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1015763
Secunia Advisory ID: 19129
Related OSVDB ID: 23871
Related OSVDB ID: 23872
Related OSVDB ID: 23870
Related OSVDB ID: 23869
Keyword: Security Update 2006-002
FrSIRT Advisory: ADV-2006-0949
CVE-2006-0400
Bugtraq ID: 17082