PT-2009-6279 · Yoono · Yoono

Nick Freeman +1 · Published 2009-11-28 · Updated 2024-03-12 · CVE-2009-4100

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Yoono extension versions prior to 6.1.1

Description

The issue allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload. This is due to the extension performing certain operations with chrome privileges.

Recommendations

For versions prior to 6.1.1, update to version 6.1.1 or later to resolve the issue. As a temporary workaround, consider disabling the Yoono extension until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-4100
ROSA-SA-2024-2370

Affected Products

Yoono