CVE-2010-3934

EUVD-2010-3911
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
rimblackberry_device_software
5.0.0.593
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt
http://secunia.com/advisories/41536
http://securitytracker.com/id?1024506
http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt
http://secunia.com/advisories/41536
http://securitytracker.com/id?1024506