JVN#64764004
Clipboard contents alteration vulnerability in Sleipnir
Overview
Sleipnir contains a vulnerability in which the contents of the clipboard may be altered.
Products Affected
- Sleipnir 2.9.6 and earlier
Description
Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the contents of the clipboard may be read or written from a website.
Impact
Contents contained in the clipboard may be leaked or altered.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Change the settings
For users who are already using version 2.9.6, change the settings according to the information provided by the developer.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2010.12.01
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | can be attacked over the Internet using packets |
|
| Authentication | anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file |
|
| Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2010-3918 |
| JVN iPedia |
JVNDB-2010-000057 |