OmniWeb Browser < 5.5.2 JavaScript alert Function Format String

Medium Nessus Network Monitor Plugin ID 3879

Synopsis

The remote host is vulnerable to a 'format string' flaw.

Description

The remote host is using OmniWeb, an alternative web browser for the Mac OS platform. This version of OmniWeb is vulnerable to a format-string flaw. Specifically, the JavaScript 'alert' function fails to correctly parse specially formatted strings. To exploit this flaw, an attacker would need the ability to pass malformed strings to the browser, which typically means enticing a user into browsing to a malicious site. Successful exploitation would result in the attacker executing arbitrary code within the browser.

Solution

Upgrade to version 5.5.2 or higher.

See Also

http://www.omnigroup.com/applications/omniweb

Plugin Details

Severity: Medium

ID: 3879

File Name: 3879.prm

Family: Web Clients

Published: 2007/01/08

Modified: 2016/12/06

Dependencies: 1769

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 6.3

Temporal Score: 5.9

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2007-0148

BID: 21911