PT-2014-7019 · Google · Android Browser+1
Joev
+1
·
Publicado
2014-09-02
·
Atualizado
2017-09-08
·
CVE-2014-6041
CVSS v2.0
5.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 4.4
Description
The issue allows remote attackers to bypass the Same Origin Policy. This can be achieved via a crafted attribute containing a u0000 character. For example, an onclick attribute with a window.open sequence can be used to demonstrate this issue in the Android Browser application or a third-party web browser.
Recommendations
For Android versions prior to 4.4, update to version 4.4 or later to resolve the issue.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android
Android Browser