[VIM] Yoono chrome-privileges issue (CVE-2009-4100) fixed in 6.1.1

Jake Kouns jkouns at opensecurityfoundation.org
Sat Dec 5 05:59:47 UTC 2009


Thanks for sending.  Updated OSVDB 60530 (http://osvdb.org/60530) with
information as well.
--Jake

On Fri, Dec 4, 2009 at 4:14 PM, Steven M. Christey
<coley at linus.mitre.org> wrote:
>
> A Yoono vendor representative e-mailed us to clarify a CVE description
> change.  http://www.net-security.org/secworld.php?id=8527 implies that 6.1.1
> is affected ("Yoono 6.1.1 and previous") but the vendor stated that 6.1.1 is
> actually fixed, and the fix was available in July.  See the CVE below.
>
> - Steve
>
> ======================================================
> Name: CVE-2009-4100
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4100
> Reference: MISC:http://www.net-security.org/secworld.php?id=8527
> Reference: CONFIRM:https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1
> Reference: BID:37123
> Reference: URL:http://www.securityfocus.com/bid/37123
> Reference: SECUNIA:37468
> Reference: URL:http://secunia.com/advisories/37468
> Reference: VUPEN:ADV-2009-3326
> Reference: URL:http://www.vupen.com/english/advisories/2009/3326
> Reference: XF:yoonoo-domevent-xss(54417)
> Reference: URL:http://xforce.iss.net/xforce/xfdb/54417
>
> Yoono extension before 6.1.1 for Firefox performs certain operations
> with chrome privileges, which allows user-assisted remote attackers to
> execute arbitrary commands and perform cross-domain scripting attacks
> via DOM event handlers such as onload.
>
>
>

