{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-07-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01.000Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "74260", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/74260"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17"}, {"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/519146/100/0/threaded"}, {"name": "45457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45457"}, {"name": "android-sandbox-cas(68937)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937"}, {"name": "48954", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48954"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.watchfire.com/files/advisory-android-browser.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html"}, {"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2011/Aug/9"}, {"name": "1025881", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025881"}, {"name": "8335", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8335"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2011-2357", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "74260", "refsource": "OSVDB", "url": "http://osvdb.org/74260"}, {"name": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b"}, {"name": "http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17"}, {"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/519146/100/0/threaded"}, {"name": "45457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45457"}, {"name": "android-sandbox-cas(68937)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937"}, {"name": "48954", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48954"}, {"name": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e"}, {"name": "http://blog.watchfire.com/files/advisory-android-browser.pdf", "refsource": "MISC", "url": "http://blog.watchfire.com/files/advisory-android-browser.pdf"}, {"name": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf", "refsource": "MISC", "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf"}, {"name": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/", "refsource": "MISC", "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/"}, {"name": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html", "refsource": "MISC", "url": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html"}, {"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2011/Aug/9"}, {"name": "1025881", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025881"}, {"name": "8335", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8335"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:00:33.673Z"}, "title": "CVE Program Container", "references": [{"name": "74260", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/74260"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17"}, {"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/519146/100/0/threaded"}, {"name": "45457", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45457"}, {"name": "android-sandbox-cas(68937)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937"}, {"name": "48954", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48954"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.watchfire.com/files/advisory-android-browser.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html"}, {"name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2011/Aug/9"}, {"name": "1025881", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025881"}, {"name": "8335", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8335"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2011-2357", "datePublished": "2011-08-12T18:00:00.000Z", "dateReserved": "2011-06-02T00:00:00.000Z", "dateUpdated": "2024-08-06T23:00:33.673Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1FD2E59-59BF-4611-B65B-A2981127CAC0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain."}, {"lang": "es", "value": "La vulnerabilidad de tipo Cross-application scripting en la funcionalidad de carga de Browser URL en Android versiones 2.3.4 y 3.1, permite que las aplicaciones locales omitan el sandbox y ejecuten JavaScript arbitrario en dominios arbitrarios al (1) causar que un n\u00famero de pesta\u00f1as MAX_TAB sean abiertas y luego cargar un URI hacia el dominio de destino en la pesta\u00f1a actual, o (2) realizar dos llamadas a la funci\u00f3n startActivity que comienzan con el URI del dominio de destino seguido del Javascript malicioso mientras que el enfoque de la interfaz de usuario a\u00fan est\u00e1 asociado con el dominio de destino."}], "id": "CVE-2011-2357", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-08-12T18:55:04.573", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17"}, {"source": "chrome-cve-admin@google.com", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b"}, {"source": "chrome-cve-admin@google.com", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e"}, {"source": "chrome-cve-admin@google.com", "url": "http://blog.watchfire.com/files/advisory-android-browser.pdf"}, {"source": "chrome-cve-admin@google.com", "url": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://osvdb.org/74260"}, {"source": "chrome-cve-admin@google.com", "url": "http://seclists.org/fulldisclosure/2011/Aug/9"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/45457"}, {"source": "chrome-cve-admin@google.com", "url": "http://securityreason.com/securityalert/8335"}, {"source": "chrome-cve-admin@google.com", "url": "http://securitytracker.com/id?1025881"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/archive/1/519146/100/0/threaded"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/48954"}, {"source": "chrome-cve-admin@google.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://android.git.kernel.org/?p=platform/cts.git%3Ba=commit%3Bh=7e48fb87d48d27e65942b53b7918288c8d740e17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=096bae248453abe83cbb2e5a2c744bd62cdb620b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git%3B%20a=commit%3Bh=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.watchfire.com/files/advisory-android-browser.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/74260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2011/Aug/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/45457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8335"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/519146/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}