Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Feb 2014 02:05:29 -0600
From: "Joshua J. Drake" <oss-sec-addjsif@...p.org>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean

On Mon, Feb 10, 2014 at 11:32:23PM -0500, cve-assign@...re.org wrote:
> 
> Use CVE-2014-1939. For example, see:
> 
> https://android.googlesource.com/platform/frameworks/base/+/jb-release/core/java/android/webkit/
> https://android.googlesource.com/platform/frameworks/base/+/jb-release/core/java/android/webkit/SearchBoxImpl.java
> 
> versus:
> 
> https://android.googlesource.com/platform/frameworks/base/+/kitkat-release/core/java/android/webkit/

Thanks for the CVE assignment.

For interested parties, I consider the actual issue to be the use of
the unsafe addJavascriptInterface API at all. This happens in
BrowserFrame.java (not in SearchBoxImpl.java) See use of the
javascriptInterfaces and mJavaScriptObjects variables and the
nativeAddJavascriptInterface JNI function.

Joshua

Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.