Android Browser Information Disclosure (Oct 10, 2014)


The Android Open Source Project (AOSP) browser – called “Browser” – is a web browser application that is capable of rendering both static and dynamic web content (DOM). The app appears in Android 4.3 and earlier; in Android 4.4, Google dropped the app to encourage use of its Chrome browser.

The same origin policy is an important concept in the web application security model. The policy permits scripts running on pages originating from the same site – a combination of scheme, hostname, and port number – to access each other’s DOM with no specific restrictions, but prevents access to DOM on different sites.
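The origin comparison described above, written out as an added example (not code from the original advisory or from Android Browser). The function names and URLs are constructed for illustration, and the sketch assumes that anything other than http/https has no tuple origin and therefore never matches.

```javascript
// Added illustration: the same origin policy as a comparison of
// (scheme, hostname, port) tuples. All URLs below are constructed samples.
const DEFAULT_PORTS = new Map([["http:", "80"], ["https:", "443"]]);

// Returns the origin tuple, or null for URLs this sketch treats as having
// no tuple origin (unparsable input, data:, javascript:, file:, ...).
function originOf(urlString) {
  let u;
  try {
    u = new URL(urlString);
  } catch {
    return null;
  }
  if (!DEFAULT_PORTS.has(u.protocol)) return null;
  return {
    scheme: u.protocol.slice(0, -1),
    host: u.hostname, // the URL parser lowercases the hostname
    port: u.port || DEFAULT_PORTS.get(u.protocol), // "" means default port
  };
}

// Two URLs share an origin only if scheme, hostname and port all match.
function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  if (x === null || y === null) return false; // opaque origins never match
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Pages whose DOM a script loaded from scriptUrl should be allowed to read.
function readableFrom(scriptUrl, pageUrls) {
  return pageUrls.filter((page) => sameOrigin(scriptUrl, page));
}

const openPages = [
  "https://shop.example/cart",
  "https://shop.example:443/account", // explicit default port: same origin
  "http://shop.example/cart", // different scheme
  "https://shop.example:8443/admin", // different port
  "https://pay.shop.example/checkout", // different hostname
  "data:text/html,<p>hi</p>", // no tuple origin
];
console.log(readableFrom("https://SHOP.example/index.html", openPages));
```

A browser that enforces the policy correctly gives the script access only to the first two pages; a bypass such as the one in this advisory means the other entries become readable as well.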

An information disclosure vulnerability exists in Android Browser. The vulnerability is due to a validation failure when processing JavaScript functions within web pages. A remote attacker can exploit this vulnerability by enticing a user to view a specially crafted web page using a vulnerable version of Android Browser. Successful exploitation can result in a violation of the same origin policy, which would disclose information about other web pages opened by the user or stored in the browser cache.

The vulnerability has been assigned CVE-2014-6041.

Dell SonicWALL has released IPS signatures to detect and block specific exploitation attempts targeting this vulnerability. The signatures are listed below:

  • 5570 Android Browser Same Origin Policy Bypass 1
  • 5682 Android Browser Same Origin Policy Bypass 2