Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page.
It has been reported that Kindle Touch 5.1.0 has introduced an NPAPI plugin, /usr/lib/libkindleplugin.so (symlinked to /usr/lib/browser/plugins/libkindleplugin.so), that can be used by the system-wide WebKit engine.
libkindleplugin is scriptable by the browser and can be invoked to access its "exported" native methods when a user accesses a web page containing embedded scripts.
The user eureka has reported on the MobileRead forums that they have found multiple "exported" properties and methods associated with
* `property test (it just returns number 500)`
* `method dev.log`
* `method lipc.set`
* `method lipc.get`
* `method todo.scheduleItems`
* `plugin.test`
* `plugin.lipc.test`
* `plugin.dev.test`
* `plugin.todo.test`
By convincing a user to access a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code with root privileges.
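To check whether a device image carries the plugin at the paths named above, the following added example (not part of the original note) audits an unpacked root filesystem. The root directory argument and the function names are assumptions of this example; only the two plugin paths come from the note.

```shell
#!/bin/sh
# Added example: audit an unpacked root filesystem for the NPAPI plugin
# named in this note. The root directory argument and all function names
# are assumptions of this example; the two paths come from the note.

BROWSER_PLUGIN_DIR=/usr/lib/browser/plugins
PLUGIN_PATHS="/usr/lib/libkindleplugin.so $BROWSER_PLUGIN_DIR/libkindleplugin.so"

# Print "missing", "file" or "symlink-><target>" for one path under a root.
# -L is tested first: absolute link targets dangle inside an unpacked image.
plugin_state() {
    p="$1$2"
    if [ -L "$p" ]; then
        printf 'symlink->%s\n' "$(readlink "$p")"
    elif [ -f "$p" ]; then
        echo file
    else
        echo missing
    fi
}

# List every shared object present in the browser plugin directory.
list_browser_plugins() {
    for f in "$1$BROWSER_PLUGIN_DIR"/*.so; do
        if [ -e "$f" ] || [ -L "$f" ]; then
            basename "$f"
        fi
    done
}

# Report both paths; return 1 if the plugin sits in the browser plugin
# directory, 0 if that path is absent.
audit_rootfs() {
    for rel in $PLUGIN_PATHS; do
        printf '%s: %s\n' "$rel" "$(plugin_state "$1" "$rel")"
    done
    if [ "$(plugin_state "$1" "$BROWSER_PLUGIN_DIR/libkindleplugin.so")" = missing ]; then
        return 0
    fi
    return 1
}

# Run as: sh audit.sh /path/to/unpacked/rootfs
if [ "$#" -gt 0 ]; then
    audit_rootfs "$1"
fi
```

A non-zero exit status means the plugin is present in the browser plugin directory of the audited image.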