[Japanese]

JVNDB-2007-000804

Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution

Overview

Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script.

Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web browser when the search result is displayed.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Fenrir Inc.
  • Grani 3.0 and earlier
  • Portable Sleipnir 2.5.17 Release2 and earlier
  • Sleipnir 2.5.17 Release2 and earlier

Impact

An attacker could execute an arbitrary script on a user's web browser.
Solution

[Update the Software]
Apply the latest updates provided by Fenrir & Co.
Vendor Information

Fenrir Inc.
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2007-6002
References

  1. JVN : JVN#65427327
  2. National Vulnerability Database (NVD) : CVE-2007-6002
  3. Secunia Advisory : SA27655
  4. Secunia Advisory : SA27675
  5. SecurityFocus : 26418
  6. ISS X-Force Database : 38441
Revision History

  • [2008/05/21]
      Web page published