MOAB-07-01-2007: OmniWeb Javascript alert() Format String Vulnerability

OmniWeb is affected by a format string vulnerability in the handling of Javascript alert() function, which could allow remote arbitrary code execution.

• MOAB-07-01-2007
• Proof of concept: MOAB-07-01-2007.html

Some hate e-mail examples available from the Rixstep fellows at The ORLANDO Files.

Update: After contacting Omni Group they have provided a new OmniWeb version, 5.5.2, which fixes this issue. Prompt response and fix times. Way to go! (missed to credit KF, though)