admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2011/2xxx/CVE-2011-2357.json
CVE Team e5b91ff2ac
"-Synchronized-Data."
2019-03-18 01:37:40 +00:00

132 lines
5.5 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74260",
"refsource": "OSVDB",
"url": "http://osvdb.org/74260"
},
{
"name": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b",
"refsource": "CONFIRM",
"url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b"
},
{
"name": "http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17",
"refsource": "CONFIRM",
"url": "http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17"
},
{
"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519146/100/0/threaded"
},
{
"name": "45457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45457"
},
{
"name": "android-sandbox-cas(68937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937"
},
{
"name": "48954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48954"
},
{
"name": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e",
"refsource": "CONFIRM",
"url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e"
},
{
"name": "http://blog.watchfire.com/files/advisory-android-browser.pdf",
"refsource": "MISC",
"url": "http://blog.watchfire.com/files/advisory-android-browser.pdf"
},
{
"name": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf",
"refsource": "MISC",
"url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf"
},
{
"name": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/",
"refsource": "MISC",
"url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/"
},
{
"name": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html",
"refsource": "MISC",
"url": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html"
},
{
"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Aug/9"
},
{
"name": "1025881",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025881"
},
{
"name": "8335",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8335"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink