[Japanese]

JVNDB-2010-000057

Clipboard contents alteration vulnerability in Sleipnir

Overview

Sleipnir contains a vulnerability in which the contents of the clipboard may be altered.

Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the contents of the clipboard may be read or written from a website.

According to the developer, users who are using the version 2.9.6 that was released prior to November 25, 2010 at 3pm (Japan Time) with the default settings are affected by this vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Fenrir Inc.
  • Sleipnir 2.9.6 and earlier

Impact

Contents contained in the clipboard may be leaked or altered.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.

[Change the settings]
For users who are already using version 2.9.6, change the settings according to the information provided by the developer.
Vendor Information

Fenrir Inc.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2010-3918
References

  1. JVN : JVN#64764004
  2. National Vulnerability Database (NVD) : CVE-2010-3918
  3. Secunia Advisory : SA42427
  4. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 69604
Revision History

  • [2010/12/01]
      Web page published

Date Public2010/12/01
Date First Published2010/12/01
Date Last Updated2010/12/01