CVE-2014-1939

java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
googleandroid
𝑥
≤ 4.3.1
googleandroid
4.0
googleandroid
4.0.1
googleandroid
4.0.2
googleandroid
4.0.3
googleandroid
4.0.4
googleandroid
4.1
googleandroid
4.1.2
googleandroid
4.2
googleandroid
4.2.1
googleandroid
4.2.2
googleandroid
4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html
http://openwall.com/lists/oss-security/2014/02/11/2
https://support.lenovo.com/us/en/product_security/len_6421
http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html
http://openwall.com/lists/oss-security/2014/02/11/2
https://support.lenovo.com/us/en/product_security/len_6421