RSS   Podatności dla 'Blackberry device software'   RSS

2010-10-14
 
CVE-2010-3934

CWE-264
 

 
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information.

 
2009-09-29
 
CVE-2009-3477

CWE-310
 

 
The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

 
2005-12-31
 
CVE-2005-2343

 

 
Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed.

 

 >>> Vendor: RIM 23 Produkty
Blackberry
Blackberry attachment service
Blackberry enterprise server
Blackberry router
Blackberry desktop manager
Blackberry device software
Teamon import object activex control
Blackberry browser
Blackberry 8100
Blackberry 7270
Blackberry enterprise server for domino
Blackberry enterprise server for exchange
Blackberry enterprise server for novell groupwise
Blackberry unite
Blackberry professional software
Blackberry desktop software
Blackberry 8800
Blackberry software
Blackberry enterprise server express
Blackberry torch 9800 firmware
Blackberry torch 9800
Blackberry playbook tablet
Blackberry playbook os


Copyright 2024, cxsecurity.com

 

Back to Top