Sunday, January 7, 2007

MOAB-07-01-2007: OmniWeb Javascript alert() Format String Vulnerability

OmniWeb is affected by a format string vulnerability in its handling of the JavaScript alert() function, which could allow remote arbitrary code execution.
Some examples of hate e-mail are available from the Rixstep fellows at The ORLANDO Files.

Update: After being contacted, Omni Group provided a new OmniWeb version, 5.5.2, which fixes this issue. Prompt response and fix times. Way to go! (They missed crediting KF, though.)
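
The bug class named above, shown as an added example (not OmniWeb's code and not part of the original post): script-supplied alert() text used as a printf-style format versus passed as data to a constant format. `show_alert`, `alert_vulnerable` and `alert_fixed` are hypothetical names, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a variadic UI call that takes a printf-style
 * format followed by its arguments. It renders into `out` instead of
 * opening a dialog so the result can be inspected. */
static int show_alert(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: script-controlled text is the format itself, so
 * every directive inside it is interpreted by the formatter. */
int alert_vulnerable(char *out, size_t n, const char *script_msg)
{
    return show_alert(out, n, script_msg);
}

/* Fixed pattern: the format is a constant and the script text is only
 * data, so directives inside it are copied through verbatim. */
int alert_fixed(char *out, size_t n, const char *script_msg)
{
    return show_alert(out, n, "%s", script_msg);
}

int main(void)
{
    char a[64], b[64];
    /* Constructed input. "%%" reads no arguments, so it shows the
     * interpretation difference without undefined behaviour. */
    const char *msg = "50%% off";

    alert_vulnerable(a, sizeof a, msg);
    alert_fixed(b, sizeof b, msg);
    printf("vulnerable: [%s]\nfixed:      [%s]\n", a, b);
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags direct printf-family calls of the vulnerable shape; a project's own variadic wrappers need `__attribute__((format(printf, ...)))` to get the same check.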