[Japanese]

JVNDB-2010-000058

Clipboard contents alteration vulnerability in Grani

Overview

Grani contains a vulnerability in which the contents of the clipboard may be altered.

Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the clipboard may be read or written from a website.

According to the developer, users who are using the version 4.5 that was released prior to November 25, 2010 at 3pm (Japan Time) with the default settings are affected by this vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Fenrir Inc.
  • Grani 4.5 and earlier

Impact

Contents contained in the clipboard may be leaked or altered.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.

[Change the settings]
For users who are already using version 4.5, change the settings according to the information provided by the developer.
Vendor Information

Fenrir Inc.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2010-3919
References

  1. JVN : JVN#76662040
  2. National Vulnerability Database (NVD) : CVE-2010-3919
  3. Secunia Advisory : SA42428
Revision History

  • [2010/12/01]
      Web page published