CVE-2007-0148

Name of the Vulnerable Software and Affected Versions OmniWeb version 5.5.1

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash, or execute arbitrary code. This is achieved through the use of format string specifiers in the Javascript alert function.

Recommendations For OmniWeb version 5.5.1, consider disabling the Javascript alert function as a temporary workaround until a patch is available. Restrict access to untrusted Javascript code to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.