2 matches found
CVE-2013-3647
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because...
CVE-2013-3647
The CVE-2013-3647 entry describes a WebView vulnerability in Cybozu Live for Android (pre-2.0.1) where a crafted file:// URL can execute arbitrary JavaScript and disclose data. Root cause ties to a CVE-2012-4009 regression. Exploitation discussed via malicious files on the device; remediation adv...