Home > Vulnerability Database > CVE-2011-2357

Mend.io Vulnerability Database

CVE-2011-2357

Good to know:

Date: August 12, 2011

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.

Language: Java

Severity Score

3.7

Related Resources (17)

Url: http://blog.watchfire.com/files/advisory-android-browser.pdf

Url: http://www.securityfocus.com/bid/48954

Url: http://www.securityfocus.com/archive/1/519146/100/0/threaded

Url: http://osvdb.org/74260

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/68937

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-2357

Url: http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b

Url: http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html

Url: http://securitytracker.com/id?1025881

Url: http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e

Url: http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17

Url: http://www.infsec.cs.uni-saarland.de/projects/android-vuln/

Url: http://securityreason.com/securityalert/8335

Url: http://seclists.org/fulldisclosure/2011/Aug/9

Url: http://secunia.com/advisories/45457

Url: http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf

Url: https://www.mend.io/vulnerability-database/CVE-2011-2357

Severity Score

3.7

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version android-2.3.5_r1

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-2357

Good to know:

Date: August 12, 2011

Language: Java

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?