2 matches found
CVE-2014-1883
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed 1 in an IFRAME element or 2 with the XMLHttpRequest...
CVE-2014-1883
Adobe PhoneGap for Android is vulnerable before version 2.6.0 due to using shouldOverrideUrlLoading instead of shouldInterceptRequest, allowing a crafted app to bypass device-resource restrictions via content loaded in an IFRAME or via XMLHttpRequest. Root cause: incorrect callback usage in the W...