Navigation Event Bypass in Apache Cordova and Adobe PhoneGap on Windows Phone
CVE-2014-1884

Currently unrated

Key Information:

Vendor

Apache
Status
Cordova
Vendor
CVE Published:
3 March 2014

What is CVE-2014-1884?

The vulnerability allows remote attackers to circumvent restrictions on device resources through improper handling of navigation events. Specific methods exploited include accessing content via IFRAME elements or using the XMLHttpRequest method within crafted applications. This security flaw potentially exposes sensitive information and enables unauthorized actions on affected Windows Phone devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf
x_refsource_MISC
http://www.internetsociety.org/ndss2014/programme#session3
x_refsource_MISC
http://seclists.org/bugtraq/2014/Jan/96
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.