CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0144)