Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
19 vulnerabilities by Fenrir Inc.
CVE-2016-7831 (GCVE-0-2016-7831)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage.
Severity
No CVSS data available.
CWE
- User Interface (UI) Misrepresentation of Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94830 | vdb-entryx_refsource_BID |
| https://jvn.jp/en/jp/JVN28151745/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fenrir Inc. | Sleipnir 4 Black Edition for Mac |
Affected:
4.5.3 and earlier
|
|
| Fenrir Inc. | Sleipnir 4 for Mac |
Affected:
4.5.3 and earlier (Mac App Store)
|
Date Public
2016-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94830",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94830"
},
{
"name": "JVN#28151745",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28151745/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sleipnir 4 Black Edition for Mac",
"vendor": "Fenrir Inc.",
"versions": [
{
"status": "affected",
"version": "4.5.3 and earlier"
}
]
},
{
"product": "Sleipnir 4 for Mac",
"vendor": "Fenrir Inc.",
"versions": [
{
"status": "affected",
"version": "4.5.3 and earlier (Mac App Store)"
}
]
}
],
"datePublic": "2016-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Interface (UI) Misrepresentation of Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "94830",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94830"
},
{
"name": "JVN#28151745",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN28151745/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sleipnir 4 Black Edition for Mac",
"version": {
"version_data": [
{
"version_value": "4.5.3 and earlier"
}
]
}
},
{
"product_name": "Sleipnir 4 for Mac",
"version": {
"version_data": [
{
"version_value": "4.5.3 and earlier (Mac App Store)"
}
]
}
}
]
},
"vendor_name": "Fenrir Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94830"
},
{
"name": "JVN#28151745",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN28151745/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7831",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7831 (GCVE-0-2016-7831)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage.
Severity
No CVSS data available.
CWE
- User Interface (UI) Misrepresentation of Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94830 | vdb-entryx_refsource_BID |
| https://jvn.jp/en/jp/JVN28151745/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fenrir Inc. | Sleipnir 4 Black Edition for Mac |
Affected:
4.5.3 and earlier
|
|
| Fenrir Inc. | Sleipnir 4 for Mac |
Affected:
4.5.3 and earlier (Mac App Store)
|
Date Public
2016-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94830",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94830"
},
{
"name": "JVN#28151745",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28151745/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sleipnir 4 Black Edition for Mac",
"vendor": "Fenrir Inc.",
"versions": [
{
"status": "affected",
"version": "4.5.3 and earlier"
}
]
},
{
"product": "Sleipnir 4 for Mac",
"vendor": "Fenrir Inc.",
"versions": [
{
"status": "affected",
"version": "4.5.3 and earlier (Mac App Store)"
}
]
}
],
"datePublic": "2016-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Interface (UI) Misrepresentation of Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "94830",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94830"
},
{
"name": "JVN#28151745",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN28151745/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sleipnir 4 Black Edition for Mac",
"version": {
"version_data": [
{
"version_value": "4.5.3 and earlier"
}
]
}
},
{
"product_name": "Sleipnir 4 for Mac",
"version": {
"version_data": [
{
"version_value": "4.5.3 and earlier (Mac App Store)"
}
]
}
}
]
},
"vendor_name": "Fenrir Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94830"
},
{
"name": "JVN#28151745",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN28151745/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7831",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2016-000242
Vulnerability from jvndb - Published: 2016-12-07 14:44 - Updated:2018-01-17 11:48
Severity
Summary
Sleipnir for Mac vulnerable to URL spoofing
Details
Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition.
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000242.html",
"dc:date": "2018-01-17T11:48+09:00",
"dcterms:issued": "2016-12-07T14:44+09:00",
"dcterms:modified": "2018-01-17T11:48+09:00",
"description": "Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition.\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000242.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000242",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN28151745/index.html",
"@id": "JVN#28151745",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7831",
"@id": "CVE-2016-7831",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7831",
"@id": "CVE-2016-7831",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Sleipnir for Mac vulnerable to URL spoofing"
}
JVNDB-2014-000007
Vulnerability from jvndb - Published: 2014-01-22 15:29 - Updated:2014-01-27 09:47Summary
Information disclosure vulnerability in Sleipnir Mobile for Android
Details
Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location.
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location.
Ryoji Tamura reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000007.html",
"dc:date": "2014-01-27T09:47+09:00",
"dcterms:issued": "2014-01-22T15:29+09:00",
"dcterms:modified": "2014-01-27T09:47+09:00",
"description": "Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user\u0027s location.\r\n\r\nSleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user\u0027s location.\r\n\r\nRyoji Tamura reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000007.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:sleipnir_mobile",
"@product": "Sleipnir Mobile",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000007",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN81637882/index.html",
"@id": "JVN#81637882",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0806",
"@id": "CVE-2014-0806",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0806",
"@id": "CVE-2014-0806",
"@source": "NVD"
},
{
"#text": "http://www.w3.org/TR/geolocation-API/#privacy_for_uas",
"@id": "W3C - Geolocation API Specification",
"@source": "Related Information"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Information disclosure vulnerability in Sleipnir Mobile for Android"
}
JVNDB-2013-000046
Vulnerability from jvndb - Published: 2013-05-29 15:19 - Updated:2013-05-29 15:19Summary
Sleipnir Mobile for Android vulnerable to address bar spoofing
Details
Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000046.html",
"dc:date": "2013-05-29T15:19+09:00",
"dcterms:issued": "2013-05-29T15:19+09:00",
"dcterms:modified": "2013-05-29T15:19+09:00",
"description": "Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000046.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:sleipnir_mobile",
"@product": "Sleipnir Mobile",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000046",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN22756333/index.html",
"@id": "JVN#22756333",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2317",
"@id": "CVE-2013-2317",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2317",
"@id": "CVE-2013-2317",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Sleipnir Mobile for Android vulnerable to address bar spoofing"
}
JVNDB-2013-000033
Vulnerability from jvndb - Published: 2013-04-12 12:41 - Updated:2013-04-12 12:41Summary
Sleipnir Mobile for Android loads arbitrary Extension API
Details
Sleipnir Mobile for Android has an Extension mechanism to customize browser functions, and this Extension function makes calls to an Extension API.
Sleipnir Mobile for Android contains an issue that may allow a specially crafted web page to load an arbitrary Extension API.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000033.html",
"dc:date": "2013-04-12T12:41+09:00",
"dcterms:issued": "2013-04-12T12:41+09:00",
"dcterms:modified": "2013-04-12T12:41+09:00",
"description": "Sleipnir Mobile for Android has an Extension mechanism to customize browser functions, and this Extension function makes calls to an Extension API.\r\nSleipnir Mobile for Android contains an issue that may allow a specially crafted web page to load an arbitrary Extension API.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000033.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:sleipnir_mobile",
"@product": "Sleipnir Mobile",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000033",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN02895867/index.html",
"@id": "JVN#02895867",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2304",
"@id": "CVE-2013-2304",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2304",
"@id": "CVE-2013-2304",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Sleipnir Mobile for Android loads arbitrary Extension API"
}
JVNDB-2013-000032
Vulnerability from jvndb - Published: 2013-04-11 14:14 - Updated:2013-04-11 14:14Summary
Sleipnir for Windows vulnerable to address bar spoofing
Details
Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000032.html",
"dc:date": "2013-04-11T14:14+09:00",
"dcterms:issued": "2013-04-11T14:14+09:00",
"dcterms:modified": "2013-04-11T14:14+09:00",
"description": "Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000032.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000032",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN65034198/index.html",
"@id": "JVN#65034198",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2303",
"@id": "CVE-2013-2303",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2303",
"@id": "CVE-2013-2303",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Sleipnir for Windows vulnerable to address bar spoofing"
}
JVNDB-2012-000076
Vulnerability from jvndb - Published: 2012-08-08 14:43 - Updated:2012-08-08 14:43Summary
Sleipnir Mobile for Android vulnerable to arbitrary script execution
Details
Sleipnir Mobile for Android contains an arbitrary script execution vulnerability.
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary script execution vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000076.html",
"dc:date": "2012-08-08T14:43+09:00",
"dcterms:issued": "2012-08-08T14:43+09:00",
"dcterms:modified": "2012-08-08T14:43+09:00",
"description": "Sleipnir Mobile for Android contains an arbitrary script execution vulnerability.\r\n\r\nSleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary script execution vulnerability.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000076.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:sleipnir_mobile",
"@product": "Sleipnir Mobile",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000076",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN39519659/index.html",
"@id": "JVN#39519659",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4004",
"@id": "CVE-2012-4004",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4004",
"@id": "CVE-2012-4004",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Sleipnir Mobile for Android vulnerable to arbitrary script execution"
}
JVNDB-2012-000075
Vulnerability from jvndb - Published: 2012-08-08 14:39 - Updated:2012-08-08 14:39Summary
Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Details
Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability.
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000075.html",
"dc:date": "2012-08-08T14:39+09:00",
"dcterms:issued": "2012-08-08T14:39+09:00",
"dcterms:modified": "2012-08-08T14:39+09:00",
"description": "Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability.\r\n\r\nSleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000075.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:sleipnir_mobile",
"@product": "Sleipnir Mobile",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000075",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN99730704/index.html",
"@id": "JVN#99730704",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2649",
"@id": "CVE-2012-2649",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2649",
"@id": "CVE-2012-2649",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-DesignError",
"@title": "No Mapping(CWE-DesignError)"
}
],
"title": "Sleipnir Mobile for Android vulnerable to arbitrary Java method execution"
}
JVNDB-2012-000071
Vulnerability from jvndb - Published: 2012-07-24 14:05 - Updated:2012-07-24 14:05Summary
Sleipnir Mobile for Android vulnerable in the WebView class
Details
Sleipnir Mobile for Android contains a vulnerability in the WebView class.
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000071.html",
"dc:date": "2012-07-24T14:05+09:00",
"dcterms:issued": "2012-07-24T14:05+09:00",
"dcterms:modified": "2012-07-24T14:05+09:00",
"description": "Sleipnir Mobile for Android contains a vulnerability in the WebView class.\r\n\r\nSleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000071.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:sleipnir_mobile",
"@product": "Sleipnir Mobile",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000071",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN88643450/index.html",
"@id": "JVN#88643450",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2646",
"@id": "CVE-2012-2646",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2646",
"@id": "CVE-2012-2646",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Sleipnir Mobile for Android vulnerable in the WebView class"
}
JVNDB-2010-000058
Vulnerability from jvndb - Published: 2010-12-01 20:27 - Updated:2010-12-01 20:27Summary
Clipboard contents alteration vulnerability in Grani
Details
Grani contains a vulnerability in which the contents of the clipboard may be altered.
Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the clipboard may be read or written from a website.
According to the developer, users who are using the version 4.5 that was released prior to November 25, 2010 at 3pm (Japan Time) with the default settings are affected by this vulnerability.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000058.html",
"dc:date": "2010-12-01T20:27+09:00",
"dcterms:issued": "2010-12-01T20:27+09:00",
"dcterms:modified": "2010-12-01T20:27+09:00",
"description": "Grani contains a vulnerability in which the contents of the clipboard may be altered.\r\n\r\nGrani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the clipboard may be read or written from a website.\r\n\r\nAccording to the developer, users who are using the version 4.5 that was released prior to November 25, 2010 at 3pm (Japan Time) with the default settings are affected by this vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000058.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:grani",
"@product": "Grani",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000058",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN76662040/index.html",
"@id": "JVN#76662040",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3919",
"@id": "CVE-2010-3919",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3919",
"@id": "CVE-2010-3919",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/42428",
"@id": "SA42428",
"@source": "SECUNIA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Clipboard contents alteration vulnerability in Grani"
}
JVNDB-2010-000057
Vulnerability from jvndb - Published: 2010-12-01 20:27 - Updated:2010-12-01 20:27Summary
Clipboard contents alteration vulnerability in Sleipnir
Details
Sleipnir contains a vulnerability in which the contents of the clipboard may be altered.
Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the contents of the clipboard may be read or written from a website.
According to the developer, users who are using the version 2.9.6 that was released prior to November 25, 2010 at 3pm (Japan Time) with the default settings are affected by this vulnerability.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000057.html",
"dc:date": "2010-12-01T20:27+09:00",
"dcterms:issued": "2010-12-01T20:27+09:00",
"dcterms:modified": "2010-12-01T20:27+09:00",
"description": "Sleipnir contains a vulnerability in which the contents of the clipboard may be altered.\r\n\r\nSleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the contents of the clipboard may be read or written from a website.\r\n\r\nAccording to the developer, users who are using the version 2.9.6 that was released prior to November 25, 2010 at 3pm (Japan Time) with the default settings are affected by this vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000057.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000057",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN64764004/index.html",
"@id": "JVN#64764004",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3918",
"@id": "CVE-2010-3918",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3918",
"@id": "CVE-2010-3918",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/42427",
"@id": "SA42427",
"@source": "SECUNIA"
},
{
"#text": "http://osvdb.org/69604",
"@id": "69604",
"@source": "OSVDB"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Clipboard contents alteration vulnerability in Sleipnir"
}
JVNDB-2010-000048
Vulnerability from jvndb - Published: 2010-10-25 17:43 - Updated:2010-10-25 17:43Summary
Sleipnir and Grani may insecurely load executable files
Details
Sleipnir and Grani may use unsafe methods for determining how to load executables (.exe).
Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani load certain executables when displaying the source code of the HTML file currently being viewed. Sleipnir and Grani contain an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000048.html",
"dc:date": "2010-10-25T17:43+09:00",
"dcterms:issued": "2010-10-25T17:43+09:00",
"dcterms:modified": "2010-10-25T17:43+09:00",
"description": "Sleipnir and Grani may use unsafe methods for determining how to load executables (.exe).\r\n\r\nSleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani load certain executables when displaying the source code of the HTML file currently being viewed. Sleipnir and Grani contain an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000048.html",
"sec:cpe": [
{
"#text": "cpe:/a:fenrir-inc:grani",
"@product": "Grani",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000048",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN89272705/index.html",
"@id": "JVN#89272705",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2010-23",
"@id": "JVNTR-2010-23",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3164",
"@id": "CVE-2010-3164",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3164",
"@id": "CVE-2010-3164",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
"@id": "TA10-238A",
"@source": "CERT-TA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Sleipnir and Grani may insecurely load executable files"
}
JVNDB-2010-000047
Vulnerability from jvndb - Published: 2010-10-25 17:42 - Updated:2010-10-25 17:42Summary
Sleipnir and Grani may insecurely load dynamic libraries
Details
Sleipnir and Grani may use unsafe methods for determining how to load DLLs.
Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000047.html",
"dc:date": "2010-10-25T17:42+09:00",
"dcterms:issued": "2010-10-25T17:42+09:00",
"dcterms:modified": "2010-10-25T17:42+09:00",
"description": "Sleipnir and Grani may use unsafe methods for determining how to load DLLs.\r\n\r\nSleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL\u0027s when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000047.html",
"sec:cpe": [
{
"#text": "cpe:/a:fenrir-inc:grani",
"@product": "Grani",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000047",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN50610528/index.html",
"@id": "JVN#50610528",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2010-23",
"@id": "JVNTR-2010-23",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3163",
"@id": "CVE-2010-3163",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3163",
"@id": "CVE-2010-3163",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201010_Sleipnir_en.html",
"@id": "Security Alert for Vulnerability in Sleipnir and Grani",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.kb.cert.org/vuls/id/707943",
"@id": "VU#707943",
"@source": "CERT-VN"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
"@id": "TA10-238A",
"@source": "CERT-TA"
}
],
"title": "Sleipnir and Grani may insecurely load dynamic libraries"
}
JVNDB-2010-000025
Vulnerability from jvndb - Published: 2010-06-17 19:50 - Updated:2010-06-17 19:50Summary
Multiple vulnerabilities in ActiveGeckoBrowser
Details
ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities.
ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000025.html",
"dc:date": "2010-06-17T19:50+09:00",
"dcterms:issued": "2010-06-17T19:50+09:00",
"dcterms:modified": "2010-06-17T19:50+09:00",
"description": "ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities.\r\n\r\nActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000025.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:activegeckobrowser",
"@product": "ActiveGeckoBrowser",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000025",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN67120749/index.html",
"@id": "JVN#67120749",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2420",
"@id": "CVE-2010-2420",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2420",
"@id": "CVE-2010-2420",
"@source": "NVD"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/59493",
"@id": "59493",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in ActiveGeckoBrowser"
}
JVNDB-2008-000029
Vulnerability from jvndb - Published: 2008-06-10 13:59 - Updated:2008-06-10 13:59Summary
Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history
Details
Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history.
Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user's web browser when the search results are restored from history.
Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000029.html",
"dc:date": "2008-06-10T13:59+09:00",
"dcterms:issued": "2008-06-10T13:59+09:00",
"dcterms:modified": "2008-06-10T13:59+09:00",
"description": "Sleipnir and Grani, web browsers from Fenrir \u0026 Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history.\r\n\r\nSleipnir and Grani, web browsers from Fenrir \u0026 Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user\u0027s web browser when the search results are restored from history.\r\n\r\nShuya Ueki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000029.html",
"sec:cpe": [
{
"#text": "cpe:/a:fenrir-inc:grani",
"@product": "Grani",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:portable_sleipnir",
"@product": "Portable Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000029",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN25448394/index.html",
"@id": "JVN#25448394",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2567",
"@id": "CVE-2008-2567",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2567",
"@id": "CVE-2008-2567",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/30487",
"@id": "SA30487",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/29555",
"@id": "29555",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/42827",
"@id": "42827",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history"
}
JVNDB-2007-000804
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution
Details
Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script.
Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web browser when the search result is displayed.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000804.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Sleipnir and Grani, web browsers from Fenrir \u0026 Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script.\r\n\r\nSleipnir and Grani, web browsers from Fenrir \u0026 Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user\u0027s web browser when the search result is displayed.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000804.html",
"sec:cpe": [
{
"#text": "cpe:/a:fenrir-inc:grani",
"@product": "Grani",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:portable_sleipnir",
"@product": "Portable Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000804",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN65427327/index.html",
"@id": "JVN#65427327",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6002",
"@id": "CVE-2007-6002",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6002",
"@id": "CVE-2007-6002",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/27655",
"@id": "SA27655",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/27675",
"@id": "SA27675",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/26418",
"@id": "26418",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/38441",
"@id": "38441",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution"
}
JVNDB-2007-000093
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Details
Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone (My Computer zone).
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000093.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Sleipnir is a tabbed web browser developed in Japan by Fenrir \u0026 Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone (My Computer zone).",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000093.html",
"sec:cpe": [
{
"#text": "cpe:/a:fenrir-inc:portable_sleipnir",
"@product": "Portable Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir:darksky_rss_bar",
"@product": "RSS Bar",
"@vendor": "Darksky",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000093",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN93700808/index.html",
"@id": "JVN#93700808",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0705",
"@id": "CVE-2007-0705",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0705",
"@id": "CVE-2007-0705",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/23927/",
"@id": "SA23927",
"@source": "SECUNIA"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/0364",
"@id": "FrSIRT/ADV-2007-0364",
"@source": "FRSIRT"
}
],
"title": "Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone"
}
JVNDB-2007-000091
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Details
Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone (My Computer zone).
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000091.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Sleipnir is a tabbed web browser developed in Japan by Fenrir \u0026 Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone (My Computer zone).",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000091.html",
"sec:cpe": [
{
"#text": "cpe:/a:fenrir-inc:portable_sleipnir",
"@product": "Portable Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir:darksky_rss_bar",
"@product": "RSS Bar",
"@vendor": "Darksky",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000091",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN93700808/index.html",
"@id": "JVN#93700808",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0706",
"@id": "CVE-2007-0706",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0706",
"@id": "CVE-2007-0706",
"@source": "NVD"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/0365",
"@id": "FrSIRT/ADV-2007-0365",
"@source": "FRSIRT"
}
],
"title": "Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone"
}