Cordova is vulnerable to bypassing device resource restrictions. The vulnerability exists because it does not handle the navigation events properly. Therefore it allows the attacker to bypass the device-resource restrictions when content is accessed 1) in an IFRAME
or 2) with the XMLHttpRequest
method.