Vulnerability Details CVE-2011-2357
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.071
EPSS Ranking 91.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17
- http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b
- http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e
- http://blog.watchfire.com/files/advisory-android-browser.pdf
- http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html
- http://osvdb.org/74260
- http://seclists.org/fulldisclosure/2011/Aug/9
- http://secunia.com/advisories/45457
- http://securityreason.com/securityalert/8335
- http://securitytracker.com/id?1025881
- http://www.infsec.cs.uni-saarland.de/projects/android-vuln/
- http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf
- http://www.securityfocus.com/archive/1/519146/100/0/threaded
- http://www.securityfocus.com/bid/48954
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68937
- http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17
- http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b
- http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e
- http://blog.watchfire.com/files/advisory-android-browser.pdf
- http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html
- http://osvdb.org/74260
- http://seclists.org/fulldisclosure/2011/Aug/9
- http://secunia.com/advisories/45457
- http://securityreason.com/securityalert/8335
- http://securitytracker.com/id?1025881
- http://www.infsec.cs.uni-saarland.de/projects/android-vuln/
- http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf
- http://www.securityfocus.com/archive/1/519146/100/0/threaded
- http://www.securityfocus.com/bid/48954
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68937