Description
The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Townsend Harris · textdoshardware
https://www.exploit-db.com/exploits/9956
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12
Exploit x_refsource_misc
http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-version-11-floating.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36936
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8373
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507126/100/0/threaded
Scores
EPSS
0.1818
EPSS Percentile
95.2%
Details
CWE
CWE-399
Status
published
Products (4)
hp/palm_pre_webos
1.0.2
hp/palm_pre_webos
1.0.3
hp/palm_pre_webos
1.0.4
hp/palm_pre_webos
< 1.1.0
Published
Sep 13, 2011
Tracked Since
Feb 18, 2026