CVE-2010-3934
https://notcve.org/view.php?id=CVE-2010-3934
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information. El navegador en Research In Motion (RIM) BlackBerry Device Software v5.0.0.593 Platform v5.1.0.147 en la BlackBerry 9700 no restringe correctamente la ejecución de dominio cruzado de JavaScript, lo cual permite a los atacantes remotos evitar la "Same Origin Policy" a través de vectores relacionados con una llamada a window.open y un elemento IFRAME. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt http://secunia.com/advisories/41536 http://securitytracker.com/id?1024506 • CWE-264: Permissions, Privileges, and Access Controls •