Android built-in browser cross-domain vulnerabilities UXSS-a vulnerability warning-the black bar safety net

ID MYHACK58:62201453207
Type myhack58
Reporter 佚名
Modified 2014-09-05T00:00:00


Related links:

Test Link:

> <iframe name="m" src="" onload="window. open('\u0000javascript:alert(document. location)','m')" >

Genesis: because the Android built-in browser to use an older version of the Chromium kernel, so is introduced the old version of the history of the vulnerability, a new version has been fixed, the exploitation of this vulnerability can easily get the user the website's cookies, a variety of call Android built-in Browser the browser and app a Cheap Shot in!


CVE-2 0 1 4-6 0 4 1