Apple Safari on MacOSX may reveal user's saved passwords

hello, Apple Safari on Macosx may reveal user's saved passwords. A local user with legitimate access to the system is able to steal keychained password by injecting javascripts into a loaded webpage via applescript. It seems that safari fails to validate the source of injected code, however apple...

CVE-2007-2580

Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information saved keychain passwords via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script...

Code injection

Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information saved keychain passwords via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script...

CVE-2007-2580

Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information saved keychain passwords via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script...

CVE-2005-1331

The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters su...

CVE-2005-1331

CVE-2005-1331 concerns the AppleScript Editor in Mac OS X 10.3.9, where AppleScript: URI handling fails to display the intended code, potentially allowing a remote attacker to persuade the user to run malicious code via URI characters like NULL or control characters. The connected sources corrobo...

CVE-2005-1331

The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters su...

Mac OS X Multiple Vulnerabilities (Security Update 2005-005)

The remote host is missing Security Update 2005-005. This security update contains fixes for the following applications : - Apache - AppKit - AppleScript - Bluetooth - Directory Services - Finder - Foundation - HelpViewer - LDAP - libXpm - lukemftpd - NetInfo - ServerAdmin - sudo - Terminal - VPN...

Quinn - 'the Eskimo' and Peter N. Lewis Internet Configuration 1.0/2.0 Weak Password Encryption

source: https://www.securityfocus.com/bid/546/info Internet Config is a third-party freeware utility for MacOS. It provides a means of centralizing frequently-required connection information, including passwords, for use by several programs. The passwords are stored in encrypted form in the...