CVE-2010-3934

The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:rim:blackberry_device_software:5.0.0.593:*:*:*:*:*:*:*
cpe:2.3:h:rim:blackberry_9700:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:19

Type Values Removed Values Added
References () http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt - Exploit () http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt - Exploit
References () http://secunia.com/advisories/41536 - Vendor Advisory () http://secunia.com/advisories/41536 - Vendor Advisory
References () http://securitytracker.com/id?1024506 - () http://securitytracker.com/id?1024506 -

Information

Published : 2010-10-14 19:00

Updated : 2024-11-21 01:19


NVD link : CVE-2010-3934

Mitre link : CVE-2010-3934

CVE.ORG link : CVE-2010-3934


JSON object : View

Products Affected

rim

  • blackberry_9700
  • blackberry_device_software
CWE
CWE-264

Permissions, Privileges, and Access Controls