Apple Computer Inc. Information for VU#578798

Apple Mac OS X help system may interpret inappropriate local script files

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Please see APPLE-SA-2004-05-21 Security Update 2004-05-24:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2004-05-21 Security Update 2004-05-24

Security Update 2004-05-24 is now available and contains security
enhancements for the following:

HelpViewer: Fixes CAN-2004-0486 to ensure that HelpViewer will only
process scripts that it initiated. Credit to lixlpixel
<me@lixlpixel.com> for reporting this issue. This issue has been
widely reported as a problem with the Safari web browser, but can
affect other web browsers. This update will fix the issue for Safari
and other web browsers.

Terminal: Fixes CAN-2004-0485 to improve URL processing within
Terminal. Credit to Reni Puls <rpuls@gmx.net> for reporting this
issue.

================================================

Security Update 2004-05-24 may be obtained from:

* Software Update pane in System Preferences

* Apple's Software Downloads web site:

For Mac OS X 10.3.3 "Panther" and Mac OS X 10.3.3 Server
========================================================
http://www.apple.com/support/downloads/securityupdate__2004-05-24_(
10_3_3).html
The download file is named: "SecUpd2004-05-24Pan.dmg"
Its SHA-1 digest is: 8e505ac4e36393f44e9d1b27ac0bd9a9e9f5b6a2

For Mac OS X 10.2.8 "Jaguar" and Mac OS X 10.2.8 Server
=======================================================
http://www.apple.com/support/downloads/securityupdate_2004-05-24_(
10_2_8).html
The download file is named: "SecUpd2004-05-24Jag.dmg"
Its SHA-1 digest is: 8c084551505fb4e7131afbf8bce14475bdc5f946

Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQEVAwUBQK6iU5yw5owIz4TQAQILmQgAk3/3Ia/WtAVYx3DjK46A/EdaHFiWFBkm
wZAoj0YNCMbjrKJviqthqNRBQsro08WKDA9/xBJ94drHNfTye9WwRuFYa5zg7SnV
JIVxcHHxv4qVn5zWy147fCCA+Xdoe45pWOBr2tQ4FM0HtI3mY2C2qlhNznUePRI3
E8FhgLV9QPaXwaBp/Lcn2/CbFbAY5jjpPRd+fEq2jcphkDW4+zgLn0O8SjSEyc7w
+XgYC8Ku/o+GAPNYjZ8oKMLzGeWlCxHpiMjQH9Lauq7U3/u1rqL6LG7bsqei3eEC
x7CIALNsXoGTV58dPq+yYr51IjnLnj1deGX3ZMikjK/k85639ADEYA==
=2I2M
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.