CVE-2011-2357

Google Android - Improper Input Validation

Title source: rule

Description

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Roee Hay · javaremotemultiple

https://www.exploit-db.com/exploits/36006

View Code ZIP pw:eip

References (15)

[Patch] http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17

[Patch] http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b

[Patch] http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e

[Various Sources] http://blog.watchfire.com/files/advisory-android-browser.pdf

[Various Sources] http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html

[Mailing List] http://seclists.org/fulldisclosure/2011/Aug/9

[Various Sources] http://www.infsec.cs.uni-saarland.de/projects/android-vuln/

[Various Sources] http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/519146/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/68937

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/48954

[Third Party Advisory, VDB Entry] http://osvdb.org/74260

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1025881

[Third Party Advisory] http://secunia.com/advisories/45457

[Third Party Advisory] http://securityreason.com/securityalert/8335

Scores

EPSS 0.0527

EPSS Percentile 89.8%

Classification

CWE

CWE-20

Status draft

Affected Products (2)

google/android

google/android

Timeline

Published Aug 12, 2011

Tracked Since Feb 18, 2026