CVE-2010-2274

Name of the Vulnerable Software and Affected Versions Dojo versions 1.0.x through 1.0.2 Dojo versions 1.1.x through 1.1.1 Dojo versions 1.2.x through 1.2.3 Dojo versions 1.3.x through 1.3.2 Dojo versions 1.4.x through 1.4.1

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to files such as dojo/resources/iframe history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.

Recommendations For Dojo versions 1.0.x through 1.0.2, update to version 1.0.3 or later. For Dojo versions 1.1.x through 1.1.1, update to version 1.1.2 or later. For Dojo versions 1.2.x through 1.2.3, update to version 1.2.4 or later. For Dojo versions 1.3.x through 1.3.2, update to version 1.3.3 or later. For Dojo versions 1.4.x through 1.4.1, update to version 1.4.2 or later.