The com.solarized.firedown (aka Solarized FireDown...
Moderate severity
Unreviewed
Published
May 17, 2024
to the GitHub Advisory Database
•
Updated Jul 3, 2024
Description
Published by the National Vulnerability Database
May 17, 2024
Published to the GitHub Advisory Database
May 17, 2024
Last updated
Jul 3, 2024
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions).
References