OmniWeb Browser < 5.5.2 Javascript alert Function Format String

Medium Nessus Network Monitor Plugin ID 3879


The remote host is vulnerable to a 'format string' flaw.


The remote host is using OmniWeb, an alternative web browser for the Mac OS platform. This version of OmniWeb is vulnerable to a format-string flaw: the JavaScript 'alert' function fails to correctly parse specially formatted strings. To exploit this flaw, an attacker would need to be able to pass malformed strings to the browser, which typically means enticing a user into browsing to a malicious site. Successful exploitation would result in the attacker executing arbitrary code within the browser.


Upgrade to version 5.5.2 or higher.

Plugin Details

Severity: Medium

ID: 3879

File Name: 3879.prm

Family: Web Clients

Published: 2007/01/08

Modified: 2016/12/06

Dependencies: 1769

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 6.3

Temporal Score: 5.9


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2007-0148

BID: 21911