AndroidVulnerabilities.org

Browser Cross-App Scripting

(json)

• CVE numbers: CVE-2011-2357 [watchfire-crossapp][archived]
• Coordinated disclosure?: true
• Categories: app
• Details: Android browser could be tricked into running javascript in the domain of a different app [watchfire-crossapp][archived]
• Discovered by: Roee Hay and Yair Amit of the IBM Rational Application Security Research Group [citation-needed] on: Unknown
• Reported on: 2011-07-31 [watchfire-crossapp][archived]
• Fixed on: 2011-06-20 [browser-fix]
• Fix released on: Unknown
• Affected versions: 2.3.4, 3.1 [watchfire-crossapp][archived] regex:
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.3.5, 3.2 [citation-needed]
• Submission: by: Roee Hay, on: 2015-10-15