CVE-2014-6041

Currently unrated

Key Information:

Vendor: Google
Status: Android Browser
Vendor: CVE Published:; 2 September 2014

Summary

The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser.

References

http://www.securityfocus.com/bid/69548

vdb-entryx_refsource_BID

http://www.rafayhackingarticles.net/2014/08/android-brows...

x_refsource_MISC

https://news.ycombinator.com/item?id=8325807

x_refsource_CONFIRM

EPSS Score

90% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 2, 2014
Vulnerability Reserved
Sep 1, 2014

Collectors

NVD DatabaseMitre Database