Category Archives: security

Mac OS X vulnerability – execution of arbitrary Javascript code without restrictions

Abstract: The vulnerability is in a single HTML file, part of the Mac OS X core, that is prone to a DOM-based XSS allowing the execution of arbitrary JavaScript commands in its (unrestricted) context. The file is located at /System/Library/CoreServices/HelpViewer.app/Contents/Resources/rhtmlPlayer.html and contains the following code:

<script type="text/javascript" charset="utf-8">
setBasePathFromString(urlParam("rhtml"));
loadLocStrings();
loadJavascriptLibs();
function init () { […]
