CVE-2009-0153

International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
applemac_os_x
10.5.0
applemac_os_x
10.5.1
applemac_os_x
10.5.2
applemac_os_x
10.5.3
applemac_os_x
10.5.4
applemac_os_x
10.5.5
applemac_os_x
10.5.6
applemac_os_x_server
10.5.0
applemac_os_x_server
10.5.1
applemac_os_x_server
10.5.2
applemac_os_x_server
10.5.3
applemac_os_x_server
10.5.4
applemac_os_x_server
10.5.5
applemac_os_x_server
10.5.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
icu
bullseye
67.1-7
fixed
bookworm
72.1-3
fixed
sid
72.1-5
fixed
trixie
72.1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
icu
jaunty
Fixed 3.8.1-3ubuntu1.1
released
intrepid
Fixed 3.8.1-2ubuntu0.2
released
hardy
Fixed 3.8-6ubuntu0.2
released
dapper
ignored
Common Weakness Enumeration
References
http://bugs.icu-project.org/trac/ticket/5691
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://secunia.com/advisories/35074
http://secunia.com/advisories/35379
http://secunia.com/advisories/35436
http://secunia.com/advisories/35498
http://secunia.com/advisories/35584
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://www.redhat.com/support/errata/RHSA-2009-1122.html
http://www.securityfocus.com/bid/34926
http://www.securityfocus.com/bid/34974
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
https://bugzilla.redhat.com/show_bug.cgi?id=503071
https://exchange.xforce.ibmcloud.com/vulnerabilities/50488
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11366
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00336.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00478.html
http://bugs.icu-project.org/trac/ticket/5691
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://secunia.com/advisories/35074
http://secunia.com/advisories/35379
http://secunia.com/advisories/35436
http://secunia.com/advisories/35498
http://secunia.com/advisories/35584
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://www.redhat.com/support/errata/RHSA-2009-1122.html
http://www.securityfocus.com/bid/34926
http://www.securityfocus.com/bid/34974
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
https://bugzilla.redhat.com/show_bug.cgi?id=503071
https://exchange.xforce.ibmcloud.com/vulnerabilities/50488
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11366
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00336.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00478.html