[Pkg-javascript-devel] Bug#557745: yui: CVE-2007-2385 javascript hijacking
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Nov 24 03:09:27 UTC 2009
Package: yui
Version: 2.7.0b-1
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for yui.
CVE-2007-2385[0]:
| The Yahoo! UI framework exchanges data using JavaScript Object
| Notation (JSON) without an associated protection scheme, which allows
| remote attackers to obtain the data via a web page that retrieves the
| data through a URL in the SRC attribute of a SCRIPT element and
| captures the data using other JavaScript code, aka "JavaScript
| Hijacking."
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2385
http://security-tracker.debian.org/tracker/CVE-2007-2385
More information about the Pkg-javascript-devel
mailing list