Unrated severityNVD Advisory· Published Nov 16, 2010· Updated Jun 16, 2026
CVE-2010-3796
CVE-2010-3796
Description
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.
Affected products
14cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
- (no CPE)range: <= 10.6.4
cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
- Range: <= 10.6.4 (Mac OS X before 10.6.5)
Patches
Vulnerability mechanics
References
2- support.apple.com/kb/HT4435nvdPatchVendor Advisory
- lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.