CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-3934

The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.3%

CVSS Severity

CVSS v2 Score 6.8

References

http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt
http://secunia.com/advisories/41536
http://securitytracker.com/id?1024506
http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt
http://secunia.com/advisories/41536
http://securitytracker.com/id?1024506

Products affected by CVE-2010-3934

Rim » Blackberry Device Software » Version: 5.0.0.593

cpe:2.3:a:rim:blackberry_device_software:5.0.0.593
Rim » Blackberry 9700 » Version: Any

cpe:2.3:h:rim:blackberry_9700:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-3934

Products

Pricing

Contact Us