Townsend Ladd Harris

**Name of the Vulnerable Software and Affected Versions** Palm Pre WebOS versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary JavaScript in email messages. This is demonstrated by the ability to read PalmDatabase.db3. **Recommendations** For Palm Pre WebOS versions 1.1 and earlier, consider disabling JavaScript processing in email messages as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Palm Pre WebOS versions 1.1 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by exploiting a weakness in the LunaSysMgr process. This occurs when a web page containing a long string following a refresh tag is accessed, triggering a floating point exception. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Palm Pre WebOS versions 1.1 and earlier, consider avoiding the use of web pages with long strings following refresh tags until a fix is available. As a temporary workaround, users may want to view web pages in landscape mode to potentially mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.