PT-2017-14851 · Dolphin · Dolphin Browser For Android

Benjamin Watson

Published

2017-12-12

Updated

2019-10-03

CVE-2017-17553

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dolphin Browser for Android version 12.0.2

Description The issue is related to an insecure parsing implementation of the Intent URI scheme. This could allow attackers to invoke private Activities within the Dolphin Browser by using a malicious Intent URI.

Recommendations For version 12.0.2, consider restricting access to private Activities until a patch is available. As a temporary workaround, avoid using the Dolphin Browser for Android with untrusted Intent URIs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-17553

Affected Products

Dolphin Browser For Android

PT-2017-14851 · Dolphin · Dolphin Browser For Android

CVE-2017-17553

Related Identifiers

Affected Products

References · 3