The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Software | From | Fixed in |
---|---|---|
apple / mac_os_x | 10.4.11 | 10.4.11.x |
apple / mac_os_x | 10.5 | 10.5.x |
apple / mac_os_x | 10.5.1 | 10.5.1.x |
apple / mac_os_x | 10.5.2 | 10.5.2.x |
redhat / enterprise_linux | 5 | 5.x |
apple / mac_os_x_server | 10.4.11 | 10.4.11.x |
apple / mac_os_x_server | 10.5 | 10.5.x |
apple / mac_os_x_server | 10.5.1 | 10.5.1.x |
apple / mac_os_x_server | 10.5.2 | 10.5.2.x |