5 matches found
CVE-2014-1881
CVE-2014-1881 affects Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier. The vulnerability arises in an event-based bridge technique where a crafted library clone can trigger IFRAME script execution and waits for an OnJsPrompt handler return value to bypass intended device-res...
CVE-2014-1884
CVE-2014-1884 affects Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7/8. The root cause is improper restriction of navigation events, which lets remote attackers bypass device-resource restrictions when content is accessed (1) inside an iframe or (2) via t...
CVE-2014-1883
Adobe PhoneGap for Android is vulnerable before version 2.6.0 due to using shouldOverrideUrlLoading instead of shouldInterceptRequest, allowing a crafted app to bypass device-resource restrictions via content loaded in an IFRAME or via XMLHttpRequest. Root cause: incorrect callback usage in the W...
CVE-2012-6637
Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier are affected by a flaw in the domain-name whitelist check: the end of domain-name regular expressions is not anchored, allowing a domain that contains an acceptable name as an initial substring to bypass the whitelist. This is a code/...
CVE-2014-1882
Affected software: Apache Cordova 3.3.0 and earlier; Adobe PhoneGap 2.9.0 and earlier. Root cause: An event-based bridge can be bypassed via a crafted library clone that uses IFRAME script execution to directly access bridge JavaScript objects, demonstrated by cordova.require calls. Impact: Remot...