[Japanese]

JVNDB-2007-000093

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview

Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone (My Computer zone).
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Darksky
  • RSS Bar for Internet Explorer 1.28 Release3 and earlier
  • RSS Bar for Sleipnir 1.28 Release3 and earlier
  • RSS Bar for unDonut 1.28 Release3 and earlier
Fenrir Inc.
  • Portable Sleipnir 2.45 and earlier
  • Sleipnir 2.49 and earlier

Impact

An arbitrary script could be executed in an inappropriate security zone.
Solution

Vendor Information

Darksky Fenrir Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2007-0705
References

  1. JVN : JVN#93700808
  2. National Vulnerability Database (NVD) : CVE-2007-0705
  3. Secunia Advisory : SA23927
  4. FrSIRT Advisories : FrSIRT/ADV-2007-0364
Revision History

  • [2008/05/21]
      Web page published

Date Public2007/01/26
Date First Published2008/05/21
Date Last Updated2008/05/21