CVE-2024-31974

May 17, 2024, 6:35 p.m.

Tags

cve@mitre.org
2024-05-17
CVE-2024-31974

Product(s) Impacted

Solarized FireDown Browser & Downloader

  • 1.0.76

Solarized FireDown Browser & Downloader for Android

  • 1.0.76

Description

The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions).

Weaknesses

Date

Published: May 17, 2024, 4:15 p.m.

Last Modified: May 17, 2024, 6:35 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://github.com/actuator/com.solarized.firedown/blob/main/CVE-2024-31974
cve@mitre.org