The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
References
Link | Resource |
---|---|
http://d3adend.org/blog/?p=403 | Issue Tracking Third Party Advisory |
http://seclists.org/fulldisclosure/2014/Mar/30 | Mailing List Third Party Advisory |
http://www.securityfocus.com/archive/1/531334/100/0/threaded | |
http://www.securityfocus.com/bid/65959 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91560 | Issue Tracking Third Party Advisory VDB Entry |
https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55 | Issue Tracking Patch Vendor Advisory |
https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-10-30T19:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2013-12-03T00:00:00
Link: CVE-2014-0073
JSON object: View
NVD Information
Status : Modified
Published: 2017-10-30T19:29:00.373
Modified: 2023-11-07T02:18:07.540
Link: CVE-2014-0073
JSON object: View
Redhat Information
No data.
CWE