[Japanese]

JVNDB-2007-000322

Lunascape RSS reader arbitrary script execution vulnerability

Overview

A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Lunascape
  • Lunascape 4.1.3 (build 2) and earlier

Impact

Arbitrary JavaScript could be executed within Lunascape's RSS reader.
Solution

Vendor Information

Lunascape
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2007-2335
References

  1. JVN : JVN#36628264
  2. National Vulnerability Database (NVD) : CVE-2007-2335
  3. Secunia Advisory : SA25000
  4. SecurityFocus : 23665
  5. FrSIRT Advisories : FrSIRT/ADV-2007-1538
Revision History

  • [2008/05/21]
      Web page published

Date Public2007/04/25
Date First Published2008/05/21
Date Last Updated2008/05/21