Unrated severityNVD Advisory· Published Aug 3, 2006· Updated Jun 16, 2026

CVE-2006-3504

Description

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.

Affected products

Apple Inc./Mac OS X2 versions
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
- (no CPE)range: =10.4.7
Apple Inc./Mac OS X Server
cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

www.us-cert.gov/cas/techalerts/TA06-214A.htmlnvdUS Government Resource
lists.apple.com/archives/security-announce/2006//Aug/msg00000.htmlnvd
secunia.com/advisories/21253nvd
www.osvdb.org/27743nvd
www.securityfocus.com/bid/19289nvd
www.vupen.com/english/advisories/2006/3101nvd
exchange.xforce.ibmcloud.com/vulnerabilities/28146nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000