CVE-2010-3934 - Vulnerability Details - OpenCVE

The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rim	Blackberry 9700 Blackberry Device Software

Configuration 1 [-]

AND

cpe:2.3:a:rim:blackberry_device_software:5.0.0.593:*:*:*:*:*:*:*

cpe:2.3:h:rim:blackberry_9700:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt
http://secunia.com/advisories/41536
http://securitytracker.com/id?1024506

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-10-14T18:00:00Z

Updated: 2024-09-17T00:45:56.180Z

Reserved: 2010-10-14T00:00:00Z

Link: CVE-2010-3934

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-10-14T19:00:02.197

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-3934

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-10-14T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt"}, {"name": "41536", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41536"}, {"name": "1024506", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024506"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3934", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt"}, {"name": "41536", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41536"}, {"name": "1024506", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024506"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:26:12.231Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt"}, {"name": "41536", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41536"}, {"name": "1024506", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1024506"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3934", "datePublished": "2010-10-14T18:00:00Z", "dateReserved": "2010-10-14T00:00:00Z", "dateUpdated": "2024-09-17T00:45:56.180Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rim:blackberry_device_software:5.0.0.593:*:*:*:*:*:*:*", "matchCriteriaId": "C8A94C3C-9E3F-40AB-B1B0-F802E61A7314", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rim:blackberry_9700:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE6874B4-A2FF-4C07-A311-6BF93B9990DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "El navegador en Research In Motion (RIM) BlackBerry Device Software v5.0.0.593 Platform v5.1.0.147 en la BlackBerry 9700 no restringe correctamente la ejecuci\u00f3n de dominio cruzado de JavaScript, lo cual permite a los atacantes remotos evitar la \"Same Origin Policy\" a trav\u00e9s de vectores relacionados con una llamada a window.open y un elemento IFRAME. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros."}], "id": "CVE-2010-3934", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-10-14T19:00:02.197", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41536"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1024506"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41536"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1024506"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}