CVSS: 4.3EPSS: 2%CPEs: 13EXPL: 0CVE-2010-2599
https://notcve.org/view.php?id=CVE-2010-2599
Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. Vulnerabilidad no especificada en BlackBerry Device Software anterior a v6.0.0 de Research In Motion (RIM) permite a atacantes remotos provocar una denegación de servicio (navegador se bloquea) a través de una página web manipulada. • http://blog.tehtri-security.com/2011/01/blackhat-dc-2011-inglourious-hackerds.html http://osvdb.org/70404 http://www.blackberry.com/btsc/KB24841 http://www.securityfocus.com/archive/1/515860/100/0/threaded http://www.securityfocus.com/bid/45754 http://www.securitytracker.com/id?1024952 http://www.vupen.com/english/advisories/2011/0082 https://exchange.xforce.ibmcloud.com/vulnerabilities/64622 •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 1CVE-2010-3934
https://notcve.org/view.php?id=CVE-2010-3934
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information. El navegador en Research In Motion (RIM) BlackBerry Device Software v5.0.0.593 Platform v5.1.0.147 en la BlackBerry 9700 no restringe correctamente la ejecución de dominio cruzado de JavaScript, lo cual permite a los atacantes remotos evitar la "Same Origin Policy" a través de vectores relacionados con una llamada a window.open y un elemento IFRAME. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt http://secunia.com/advisories/41536 http://securitytracker.com/id?1024506 • CWE-264: Permissions, Privileges, and Access Controls •