CVE-2011-2357 (GCVE-0-2011-2357)
Vulnerability from cvelistv5 – Published: 2011-08-12 18:00 – Updated: 2024-08-06 23:00
VLAI?
Summary
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2011-07-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74260",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/74260"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17"
},
{
"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519146/100/0/threaded"
},
{
"name": "45457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45457"
},
{
"name": "android-sandbox-cas(68937)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937"
},
{
"name": "48954",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48954"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.watchfire.com/files/advisory-android-browser.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html"
},
{
"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2011/Aug/9"
},
{
"name": "1025881",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025881"
},
{
"name": "8335",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain\u0027s URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "74260",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/74260"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17"
},
{
"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519146/100/0/threaded"
},
{
"name": "45457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45457"
},
{
"name": "android-sandbox-cas(68937)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937"
},
{
"name": "48954",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48954"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.watchfire.com/files/advisory-android-browser.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html"
},
{
"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2011/Aug/9"
},
{
"name": "1025881",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025881"
},
{
"name": "8335",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain\u0027s URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74260",
"refsource": "OSVDB",
"url": "http://osvdb.org/74260"
},
{
"name": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b",
"refsource": "CONFIRM",
"url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b"
},
{
"name": "http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17",
"refsource": "CONFIRM",
"url": "http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17"
},
{
"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519146/100/0/threaded"
},
{
"name": "45457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45457"
},
{
"name": "android-sandbox-cas(68937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937"
},
{
"name": "48954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48954"
},
{
"name": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e",
"refsource": "CONFIRM",
"url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e"
},
{
"name": "http://blog.watchfire.com/files/advisory-android-browser.pdf",
"refsource": "MISC",
"url": "http://blog.watchfire.com/files/advisory-android-browser.pdf"
},
{
"name": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf",
"refsource": "MISC",
"url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf"
},
{
"name": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/",
"refsource": "MISC",
"url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/"
},
{
"name": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html",
"refsource": "MISC",
"url": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html"
},
{
"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Aug/9"
},
{
"name": "1025881",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025881"
},
{
"name": "8335",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-2357",
"datePublished": "2011-08-12T18:00:00.000Z",
"dateReserved": "2011-06-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:33.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2011-2357",
"date": "2026-04-25",
"epss": "0.0492",
"percentile": "0.89645"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1FD2E59-59BF-4611-B65B-A2981127CAC0\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain\u0027s URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de tipo Cross-application scripting en la funcionalidad de carga de Browser URL en Android versiones 2.3.4 y 3.1, permite que las aplicaciones locales omitan el sandbox y ejecuten JavaScript arbitrario en dominios arbitrarios al (1) causar que un n\\u00famero de pesta\\u00f1as MAX_TAB sean abiertas y luego cargar un URI hacia el dominio de destino en la pesta\\u00f1a actual, o (2) realizar dos llamadas a la funci\\u00f3n startActivity que comienzan con el URI del dominio de destino seguido del Javascript malicioso mientras que el enfoque de la interfaz de usuario a\\u00fan est\\u00e1 asociado con el dominio de destino.\"}]",
"id": "CVE-2011-2357",
"lastModified": "2024-11-21T01:28:06.207",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2011-08-12T18:55:04.573",
"references": "[{\"url\": \"http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://blog.watchfire.com/files/advisory-android-browser.pdf\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://osvdb.org/74260\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://seclists.org/fulldisclosure/2011/Aug/9\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://secunia.com/advisories/45457\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://securityreason.com/securityalert/8335\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://securitytracker.com/id?1025881\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.infsec.cs.uni-saarland.de/projects/android-vuln/\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/519146/100/0/threaded\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/bid/48954\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/68937\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://blog.watchfire.com/files/advisory-android-browser.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/74260\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2011/Aug/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/45457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/8335\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1025881\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.infsec.cs.uni-saarland.de/projects/android-vuln/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/519146/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/48954\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/68937\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-2357\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2011-08-12T18:55:04.573\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain\u0027s URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de tipo Cross-application scripting en la funcionalidad de carga de Browser URL en Android versiones 2.3.4 y 3.1, permite que las aplicaciones locales omitan el sandbox y ejecuten JavaScript arbitrario en dominios arbitrarios al (1) causar que un n\u00famero de pesta\u00f1as MAX_TAB sean abiertas y luego cargar un URI hacia el dominio de destino en la pesta\u00f1a actual, o (2) realizar dos llamadas a la funci\u00f3n startActivity que comienzan con el URI del dominio de destino seguido del Javascript malicioso mientras que el enfoque de la interfaz de usuario a\u00fan est\u00e1 asociado con el dominio de destino.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1FD2E59-59BF-4611-B65B-A2981127CAC0\"}]}]}],\"references\":[{\"url\":\"http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://blog.watchfire.com/files/advisory-android-browser.pdf\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://osvdb.org/74260\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2011/Aug/9\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://secunia.com/advisories/45457\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://securityreason.com/securityalert/8335\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://securitytracker.com/id?1025881\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.infsec.cs.uni-saarland.de/projects/android-vuln/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/519146/100/0/threaded\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/48954\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/68937\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blog.watchfire.com/files/advisory-android-browser.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/74260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2011/Aug/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/45457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/8335\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1025881\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.infsec.cs.uni-saarland.de/projects/android-vuln/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/519146/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/48954\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/68937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…