Vulnerabilities

CVE-2014-6041

by Fred · 02/09/2014

The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a u0000 character, as demonstrated by an onclick="window.open(‘u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser.

Date published : 2014-09-02

http://www.securityfocus.com/bid/69548

https://android.googlesource.com/platform/external/webkit/+/1368e05e8875f00e8d2529fe6050d08b55ea4d87

Similar

Tags: Cybersecurity Alert