PT-2010-5175 · Blackberry · Blackberry Device

Published: 2010-10-14 · Updated: 2010-10-15 · CVE-2010-3934

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BlackBerry Device Software version 5.0.0.593

Description

The browser does not properly restrict cross-domain execution of JavaScript, allowing remote attackers to bypass the Same Origin Policy. This can be achieved via vectors related to a window.open call and an IFRAME element.

Recommendations

For BlackBerry Device Software version 5.0.0.593, consider restricting the use of JavaScript in the browser until a patch is available. As a temporary workaround, avoid using the window.open function and IFRAME elements in conjunction, as these are related to the bypassing of the Same Origin Policy.

Related identifiers

CVE-2010-3934

Affected products

Blackberry Device