Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Feb 2014 10:43:43 -0800
From: Nick Kralevich <nnk@...gle.com>
To: oss-security@...ts.openwall.com
Cc: oss-sec-addjsif@...p.org, cve-assign@...re.org
Subject: Re: CVE-2014-1939 searchBoxJavaBridge_ in Android
 Jelly Bean

This particular issue was previously assigned a CVE by JPCERT,
specifically, CVE-2013-4710. See
https://jvn.jp/en/jp/JVN53768697/index.html for additional
information.

CVE-2014-1939 should be marked as a DUPLICATE of CVE-2013-4710.

-- Nick

On Mon, Feb 10, 2014 at 8:32 PM,  <cve-assign@...re.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> From: "Joshua J. Drake" <oss-sec-addjsif@...p.org>
>> Subject: Re: CVEs for Android addJavascriptInterface issues (was: multiple issues in Apache Cordova/PhoneGap)
>> Date: Sat, 8 Feb 2014 00:47:05 -0600
>> Message-ID: <20140208064704.GA17711@...
>>
>> You may have seen recently released Metasploit module that allows a
>> remote compromise of the Google Glass browser using an incorrectly
>> exposed Javascript bridge via the "searchBoxJavaBridge_" object. This
>> exposes an instance of android.webkit.SearchBoxImpl in older versions
>> of the Android browser.
>
> Use CVE-2014-1939. For example, see:
>
> https://android.googlesource.com/platform/frameworks/base/+/jb-release/core/java/android/webkit/
> https://android.googlesource.com/platform/frameworks/base/+/jb-release/core/java/android/webkit/SearchBoxImpl.java
>
> versus:
>
> https://android.googlesource.com/platform/frameworks/base/+/kitkat-release/core/java/android/webkit/
>
> - --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (SunOS)
>
> iQEcBAEBAgAGBQJS+acoAAoJEKllVAevmvmssJYIAKETcBfP8SJYDEY7bPoC8Ivc
> oJgTS05tzQMb+w+sju0vl0Ph19TTp225AfMrrB6gD1V5MlkZvPcSF7YsyuDvWON1
> sBoz93bmnVe54+1potTAa6ECkWNbILOx7ZHFxwM5vj+Iyd7jE5RjAnRl/2bYQUvo
> eRneKDuI+Ayc7Uq8Jk8HblaNgHVqW6oxrREKotiLJnP8kbaBAqQBgZdoE5PYsGvj
> KVMU+2WrgDTb3eD6SZUvumF7WNaQ08iUSbhgED2Yv79JXs3jerWQ4gbdSd1YXgwO
> PWY3OcU/iyMNfZZqgxZypk483tVo8FkEftDsHA/5b9/HMMbf/NSS62Gn9sVHmJk=
> =E2Z7
> -----END PGP SIGNATURE-----



-- 
Nick Kralevich | Android Security | nnk@...gle.com | 650.214.4037

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ