[Japanese]

JVNDB-2010-000025

Multiple vulnerabilities in ActiveGeckoBrowser

Overview

ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities.

ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine.
CVSS Severity (What is CVSS?)

Base Metrics: 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products


Fenrir Inc.
  • ActiveGeckoBrowser

Impact

A remote attacker may execute an arbitrary code or script, or conduct a denial of service (DoS) attack.
Solution

[Do not use ActiveGeckoBrowser]
Do not use ActiveGeckoBrowser until an update is provided.
For more information, refer to the vendor's website.
Vendor Information

Fenrir Inc.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2010-2420
References

  1. JVN : JVN#67120749
  2. National Vulnerability Database (NVD) : CVE-2010-2420
  3. ISS X-Force Database : 59493
Revision History

[2010/06/17]
  Web page published