JVN#62161191: JavaFX WebEngine does not properly restrict Java method execution

JavaFX, GUI library for Java applications, is provided with OracleJDK 7 through 10. Since OracleJDK 11, JavaFX is separately maintained and developed by OpenJFX project under OpenJDK community. JavaFX WebEngine component is capable of web content rendering, and possible to be configured to allow...

Design/Logic Flaw

The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636...

Server side request forgery (ssrf)

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service reboot via a crafted web page, as demonstrated ...

CVE-2012-6636

CVE-2012-6636 corresponds to an Android WebView issue where WebView.addJavascriptInterface is not properly restricted, allowing crafted JavaScript to invoke Java object methods via Reflection and potentially achieve remote code execution on apps targeting API level 16 or earlier. Connected docs s...

CVE-2012-6636

creationtimestamp| type| source ---|---|--- 2012-12-21 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41675 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/android/browser/webviewaddjavascriptinterface.rb 2025-02-06...

Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/android' class MetasploitModule OperatingSystems::Match::ANDROID, :arch = ARCHARMLE, :javascript = true, :rank =...