CVE-2008-5915

{"id": "CVE-2008-5915", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-01-20T16:30:00.407", "references": [{"url": "http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/33276", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/33276", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a \"temporary footprint\" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an \"in-session phishing attack.\" NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."}, {"lang": "es", "value": "Una funci\u00f3n desconocida en la implementaci\u00f3n JavaScript en Google Chrome crea y expone una \"huella temporal\" cuando hay un inicio de sesi\u00f3n actualmente a un sitio web, lo que facilita a atacantes remotos enga\u00f1ar a un usuario para que haga lo que le dice un mensaje pop-up envenenado, tambi\u00e9n conocido como un \" ataque de phishing en una sesi\u00f3n activa.\" NOTA: a fecha de 16012009, lo \u00fanico que ha salido a la luz es un pre-aviso impreciso con informaci\u00f3n no utilizable. sin embargo, ya que el investigador es conocido, se le ha asignado un identificador CVE con prop\u00f3sitos de seguimiento."}], "lastModified": "2024-11-21T00:55:12.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}