[MajorSecurity-SA-2013-014]Sony Playstation Vita Browser - firmware 2.05 - Adressbar spoofing
Product: Sony Playstation Vita Browser - firmware 2.05 CVE-ID: CVE-2013-XXXX Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://de.playstation.com/psvita/ Advisory-Status: published
Discovered by: David Vieira-Kurz of MajorSecurity original advisory: http://majorsecurity.com/psvita/sa-2013-014-en.php
Sony Playstation Vita Browser ( Firmware: 2.05 ) Prior versions may also be affected
"Playstation Vita is the new handheld of Sony."
1) Visit http://majorsecurity.com/psvita/psvita-demo.html with a PS Vita with firmware 2.05 installed 2) click the "demo" button 3) The web browser will open a new window with "http://de.playstation.com/psvita/" in the adress bar, but in fact "http://de.playstation.com/psvita/" is being displayed inside an iframe within the host http://www.majorsecurity.com
A proof-of-concept code is available here: http://de.playstation.com/psvita/
Users should upgrade to a newer version as far as the vendor has supplied a patch.
2013-01-20, vulnerability identified 2013-01-20, vulnerability reproduced with firmware 2.05 2013-01-20, vendor has been informed 2013-01-27, vendor has been informed once again 2013-01-29, advisory published with partially details 2013-02-05, advisory published with full details and poc
Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact us for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall MajorSecurity be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if MajorSecurity has been advised of the possibility of such damages.