CVE-2012-5906

Name of the Vulnerable Software and Affected Versions GreenBrowser versions 6.1.0117 through 6.1.0216

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This can occur via the URI in an about: page or the last visited URL in the LastVisitWriteEn function in function.js.

Recommendations For GreenBrowser version 6.1.0117, update to a version later than 6.1.0216 to resolve the issue. For GreenBrowser version 6.1.0216, update to a version later than 6.1.0216 to resolve the issue. As a temporary workaround, consider restricting access to the LastVisitWriteEn function in function.js until a patch is available.