What is the severity of CVE-2010-0063?

CVE-2010-0063 has been classified with a moderate severity level due to its potential to allow remote attackers to execute arbitrary JavaScript.

How do I fix CVE-2010-0063?

To fix CVE-2010-0063, update your Apple Mac OS X to version 10.6.3 or later, where the vulnerability has been addressed.

What are the affected versions for CVE-2010-0063?

CVE-2010-0063 affects multiple versions of Apple Mac OS X, including 10.5.0 through 10.6.2.

How does CVE-2010-0063 exploit work?

CVE-2010-0063 exploits an incomplete blacklist vulnerability that enables user-assisted remote execution of arbitrary JavaScript through specific Content-Type values.

Is there a workaround for CVE-2010-0063?

There are no known effective workarounds for CVE-2010-0063, and the recommended action is to apply the necessary updates.

Vulnerability/
CVE-2010-0063

medium

6.8

CWE

NVD-CWE-Other

30/3/2010

3/10/2022

7/8/2024

CVE-2010-0063

First published: Tue Mar 30 2010(Updated: )

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.

Credit: product-security@apple.com

Affected Software	Affected Version	How to fix
macOS Yosemite	=10.5.8
Apple Mac OS X Server	=10.5.2
macOS Yosemite	=10.5.6
Apple Mac OS X Server	=10.5.8
macOS Yosemite	=10.5.5
Apple Mac OS X Server	=10.5.5
macOS Yosemite	=10.5.1
Apple Mac OS X Server	=10.5.1
Apple Mac OS X Server	=10.5.6
macOS Yosemite	=10.5.3
macOS Yosemite	=10.5.0
Apple Mac OS X Server	=10.5.0
Apple Mac OS X Server	=10.5.3
macOS Yosemite	=10.5
Apple Mac OS X Server	=10.5.4
macOS Yosemite	=10.5.2
Apple Mac OS X Server	=10.5.7
Apple Mac OS X Server	=10.6.1
macOS Yosemite	<=10.6.2
macOS Yosemite	=10.6.1
Apple Mac OS X Server	=10.6.0
macOS Yosemite	=10.6.0
macOS Yosemite	=10.5.7
Apple Mac OS X Server	=10.5
Apple Mac OS X Server	<=10.6.2
macOS Yosemite	=10.5.4

Remedy

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Remedy

http://support.apple.com/kb/HT4077

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-0063?
CVE-2010-0063 has been classified with a moderate severity level due to its potential to allow remote attackers to execute arbitrary JavaScript.
How do I fix CVE-2010-0063?
To fix CVE-2010-0063, update your Apple Mac OS X to version 10.6.3 or later, where the vulnerability has been addressed.
What are the affected versions for CVE-2010-0063?
CVE-2010-0063 affects multiple versions of Apple Mac OS X, including 10.5.0 through 10.6.2.
How does CVE-2010-0063 exploit work?
CVE-2010-0063 exploits an incomplete blacklist vulnerability that enables user-assisted remote execution of arbitrary JavaScript through specific Content-Type values.
Is there a workaround for CVE-2010-0063?
There are no known effective workarounds for CVE-2010-0063, and the recommended action is to apply the necessary updates.

agent/references
agent/type
agent/remedy
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/severity
agent/author
agent/description
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/apple
canonical/macos yosemite
version/macos yosemite/10.5.8
canonical/apple mac os x server
version/apple mac os x server/10.5.2
version/macos yosemite/10.5.6
version/apple mac os x server/10.5.8
version/macos yosemite/10.5.5
version/apple mac os x server/10.5.5
version/macos yosemite/10.5.1
version/apple mac os x server/10.5.1
version/apple mac os x server/10.5.6
version/macos yosemite/10.5.3
version/macos yosemite/10.5.0
version/apple mac os x server/10.5.0
version/apple mac os x server/10.5.3
version/macos yosemite/10.5
version/apple mac os x server/10.5.4
version/macos yosemite/10.5.2
version/apple mac os x server/10.5.7
version/apple mac os x server/10.6.1
version/macos yosemite/10.6.2
version/macos yosemite/10.6.1
version/apple mac os x server/10.6.0
version/macos yosemite/10.6.0
version/macos yosemite/10.5.7
version/apple mac os x server/10.5
version/apple mac os x server/10.6.2
version/macos yosemite/10.5.4

Frequently Asked Questions

What is the severity of CVE-2010-0063?
CVE-2010-0063 has been classified with a moderate severity level due to its potential to allow remote attackers to execute arbitrary JavaScript.
How do I fix CVE-2010-0063?
To fix CVE-2010-0063, update your Apple Mac OS X to version 10.6.3 or later, where the vulnerability has been addressed.
What are the affected versions for CVE-2010-0063?
CVE-2010-0063 affects multiple versions of Apple Mac OS X, including 10.5.0 through 10.6.2.
How does CVE-2010-0063 exploit work?
CVE-2010-0063 exploits an incomplete blacklist vulnerability that enables user-assisted remote execution of arbitrary JavaScript through specific Content-Type values.
Is there a workaround for CVE-2010-0063?
There are no known effective workarounds for CVE-2010-0063, and the recommended action is to apply the necessary updates.

CVE-2010-0063

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-0063?

How do I fix CVE-2010-0063?

What are the affected versions for CVE-2010-0063?

How does CVE-2010-0063 exploit work?

Is there a workaround for CVE-2010-0063?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2010-0063?

How do I fix CVE-2010-0063?

What are the affected versions for CVE-2010-0063?

How does CVE-2010-0063 exploit work?

Is there a workaround for CVE-2010-0063?