PT-2024-24328 · Unknown · Com.Solarized.Firedown

Edward Warren · Published 2024-05-17 · Updated 2024-07-10 · CVE-2024-31974

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

com.solarized.firedown (aka Solarized FireDown Browser & Downloader) version 1.0.76

Description

The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. This is possible because com.solarized.firedown.IntentActivity uses a WebView component to display web content and does not adequately sanitize the URI or any extra data passed in the intent by any installed application, regardless of permissions. The problem impacts the WebView component, allowing permission escalation.

Recommendations

For version 1.0.76, update the application to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting the use of the WebView component in the com.solarized.firedown.IntentActivity until a patch is available.
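
One way an intent-handling activity can vet the URI and extras before anything reaches a WebView, shown as an added example that is not FireDown's code or its fix. The class name, the scheme allowlist and the use of `Intent.EXTRA_TEXT` as the extra carrying a URL are assumptions.

```kotlin
// Added example: hypothetical activity, not FireDown's code.
import android.app.Activity
import android.content.Intent
import android.net.Uri
import android.os.Bundle
import android.webkit.WebView

class VettedIntentActivity : Activity() {
    private lateinit var webView: WebView

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        webView = WebView(this).apply {
            // Keep the page context away from local files and content providers.
            settings.allowFileAccess = false
            settings.allowContentAccess = false
        }
        setContentView(webView)
        handle(intent)
    }

    override fun onNewIntent(intent: Intent) {
        super.onNewIntent(intent)
        handle(intent)
    }

    // Any installed app can send this intent, so data and extras are untrusted.
    private fun handle(intent: Intent?) {
        // Assumption: the URL arrives as intent data or as the EXTRA_TEXT string.
        val candidate = intent?.data
            ?: intent?.getStringExtra(Intent.EXTRA_TEXT)?.let { Uri.parse(it.trim()) }
        val url = vetUri(candidate)
        if (url == null) { finish(); return }  // drop anything not on the allowlist
        webView.loadUrl(url)
    }

    companion object {
        private val ALLOWED_SCHEMES = setOf("http", "https")

        // Returns the URL to load, or null when the URI must not reach the WebView.
        fun vetUri(uri: Uri?): String? {
            if (uri == null || !uri.isHierarchical) return null  // opaque, e.g. javascript:
            val scheme = uri.scheme?.lowercase() ?: return null
            if (scheme !in ALLOWED_SCHEMES) return null           // file:, content:, data:, intent:
            if (uri.host.isNullOrEmpty()) return null
            return uri.toString()
        }
    }
}
```

If no other application needs to launch the activity, declaring it with `android:exported="false"` in the manifest removes the entry point altogether.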

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2024-31974

Affected Products: Com.Solarized.Firedown