CVE-2014-1884

Name of the Vulnerable Software and Affected Versions Apache Cordova versions 3.3.0 and earlier Adobe PhoneGap versions 2.9.0 and earlier

Description The issue allows remote attackers to bypass intended device-resource restrictions. This can be achieved via content that is accessed in an IFRAME element or with the XMLHttpRequest method by a crafted application.

Recommendations For Apache Cordova versions 3.3.0 and earlier, consider restricting navigation events to prevent bypassing of device-resource restrictions. For Adobe PhoneGap versions 2.9.0 and earlier, restrict access to the XMLHttpRequest method to minimize the risk of exploitation.