[VIM] Yoono chrome-privileges issue (CVE-2009-4100) fixed in 6.1.1

Steven M. Christey coley at linus.mitre.org
Fri Dec 4 21:14:27 UTC 2009


A Yoono vendor representative e-mailed us to clarify a CVE description 
change.  http://www.net-security.org/secworld.php?id=8527 implies that 
6.1.1 is affected ("Yoono 6.1.1 and previous") but the vendor stated that 
6.1.1 is actually fixed, and the fix was available in July.  See the CVE 
below.

- Steve

======================================================
Name: CVE-2009-4100
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4100
Reference: MISC:http://www.net-security.org/secworld.php?id=8527
Reference: CONFIRM:https://addons.mozilla.org/en-US/firefox/addons/versions/1833#version-6.1.1
Reference: BID:37123
Reference: URL:http://www.securityfocus.com/bid/37123
Reference: SECUNIA:37468
Reference: URL:http://secunia.com/advisories/37468
Reference: VUPEN:ADV-2009-3326
Reference: URL:http://www.vupen.com/english/advisories/2009/3326
Reference: XF:yoonoo-domevent-xss(54417)
Reference: URL:http://xforce.iss.net/xforce/xfdb/54417

Yoono extension before 6.1.1 for Firefox performs certain operations
with chrome privileges, which allows user-assisted remote attackers to
execute arbitrary commands and perform cross-domain scripting attacks
via DOM event handlers such as onload.



