CVE-2011-2357

Open Handset Alliance Android 2.3.4/3.1 - Browser Sandbox Security Bypass

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.

La vulnerabilidad de tipo Cross-application scripting en la funcionalidad de carga de Browser URL en Android versiones 2.3.4 y 3.1, permite que las aplicaciones locales omitan el sandbox y ejecuten JavaScript arbitrario en dominios arbitrarios al (1) causar que un número de pestañas MAX_TAB sean abiertas y luego cargar un URI hacia el dominio de destino en la pestaña actual, o (2) realizar dos llamadas a la función startActivity que comienzan con el URI del dominio de destino seguido del Javascript malicioso mientras que el enfoque de la interfaz de usuario aún está asociado con el dominio de destino.

Dolphin Browser HD versions prior to 6.1.0 suffer from a cross applications scripting vulnerability.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-06-02 CVE Reserved
2011-08-02 CVE Published
2011-08-02 First Exploit
2023-11-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (16)

URL	Tag	Source
http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17	X_refsource_confirm
http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b	X_refsource_confirm
http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e	X_refsource_confirm
http://blog.watchfire.com/files/advisory-android-browser.pdf	X_refsource_misc
http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html	X_refsource_misc
http://osvdb.org/74260	Vdb Entry
http://seclists.org/fulldisclosure/2011/Aug/9	Mailing List
http://secunia.com/advisories/45457	Third Party Advisory
http://securityreason.com/securityalert/8335	Third Party Advisory
http://securitytracker.com/id?1025881	Vdb Entry
http://www.infsec.cs.uni-saarland.de/projects/android-vuln	X_refsource_misc
http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf	X_refsource_misc
http://www.securityfocus.com/archive/1/519146/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/48954	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/68937	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/36006	2011-08-02

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				2.3.4 Search vendor "Google" for product "Android" and version "2.3.4"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				3.1 Search vendor "Google" for product "Android" and version "3.1"		-		Affected