CVE-2009-0123: Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors...

Description

Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Metrics

EPSS Probability

1.48%

70.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Apple	Safari	All versions

References

Timeline

Published: Jan 15, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-0123?

Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

How severe is CVE-2009-0123?

Severity scoring for CVE-2009-0123 is pending analysis. The EPSS model estimates a 1.48% probability of exploitation in the next 30 days.

How do I fix CVE-2009-0123?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.