Skip to content

Latest commit

 

History

History
24 lines (22 loc) · 1.36 KB

VS-2017-002.md

File metadata and controls

24 lines (22 loc) · 1.36 KB
Raw

[VS-2017-002] Dolphin Browser for Android Insecure Intent URI Scheme Parsing Vulnerability

CVE ID

CVE-2017-17553

CVSS Score

https://nvd.nist.gov/vuln/detail/CVE-2017-17553

Vendor

Mobotap

Product

Dolphin Browser for Android < 12.0.2

Vulnerability Details

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.

Vendor Response

Mobotap has not issued a reponse nor an update to remediate this vulnerability

Disclosure Timeline

  • 2017-11-28 - Reached out on Twitter and asked to speak with someone who is responsible for product security
  • 2017-12-04 - Emailed requesting to speak with someone who can address security issues in the Dolphin Browser for Android, no response
  • 2017-12-07 - Emailed to verify initial email was received, no response
  • 2017-12-10 - Emailed to inform the public release of an advisory, CC'ed [email protected] and received a bounce on the email address
  • 2017-12-11 - Public zero day release of advisory

Credit

Benjamin Watson of VerSprite Security (@rotlogix)