CVE Vulnerabilities

CVE-2014-6041

Published: Sep 02, 2014 | Modified: Sep 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a u0000 character, as demonstrated by an onclick=window.open(u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser.

Affected Software

Name Vendor Start Version End Version
Android_browser Google 4.2.1 (including) 4.2.1 (including)

References