
Framer Preview 12 Content Injection Vulnerability

22 Sep 2020 00:00:00 | Reported by Julien Ahrens | Type: zdt | Source: 0day.today

Framer Preview 12 exposes the activity "com.framer.viewer.FramerViewActivity" to other apps, allowing unauthorized website content to be loaded.

1. ADVISORY INFORMATION
=======================
Product:        Framer Preview
Vendor URL:     https://play.google.com/store/apps/details?id=com.framerjs.android
Type:           Improper Export of Android Application Components [CWE-926]
Date found:     2020-09-06
Date published: 2020-09-22
CVSSv3 Score:   5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE:            CVE-2020-25203


2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE Security.


3. VERSIONS AFFECTED
====================
Framer Preview 12


4. INTRODUCTION
===============
Framer Preview is the best way to view and interact with your Framer X and Framer 
Classic projects on Android phones and tablets.

(from the vendor's homepage)


5. VULNERABILITY DETAILS
========================
The "Framer Preview" app for Android exposes an activity called
"com.framer.viewer.FramerViewActivity" to other apps. The purpose of this
activity is to show the contents of a given URL to the app user in a fullscreen
overlay.

However, the app neither enforces any authorization scheme on the activity
nor validates the given URL.

This can be abused by an attacker (malicious app) to load any website/web content
into the fullscreen overlay. An exemplary exploit could look like the following:

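import android.content.ComponentName;
import android.content.Intent;
import android.net.Uri;

// Explicit intent sent from another app's Activity to the exported component.
Intent i = new Intent();
i.setComponent(new ComponentName("com.framerjs.android", "com.framer.viewer.FramerViewActivity"));
i.setAction("android.intent.action.VIEW");
i.setData(Uri.parse("https://www.rcesecurity.com"));
startActivity(i);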


6. RISK
=======
A malicious app on the same device is able to exploit this vulnerability to lead
the user to any webpage/content. The specific problem here is the assumed trust
boundary between the user having the Framer Preview app installed and what the app
is actually doing/displaying to the user. So if the user sees the app open and
automatically load another page, it can be assumed that the user also trusts the
loaded page.
