PT-2009-6279 · Yoono · Yoono

Nick Freeman

Publicado

2009-11-28

Atualizado

2024-03-12

CVE-2009-4100

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Yoono extension versions prior to 6.1.1

Description The issue allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload. This is due to the extension performing certain operations with chrome privileges.

Recommendations For versions prior to 6.1.1, update to version 6.1.1 or later to resolve the issue. As a temporary workaround, consider disabling the Yoono extension until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2009-4100

ROSA-SA-2024-2370

Produtos afetados

Yoono

PT-2009-6279 · Yoono · Yoono

CVE-2009-4100

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 57