CVE-2014-1449

The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://browser-shredders.blogspot.com/2014/01/cve-2014-1449-maxthon-cloud-browser-for.html	Exploit
http://www.maxthon.com/android/changelog/	Vendor Advisory
http://browser-shredders.blogspot.com/2014/01/cve-2014-1449-maxthon-cloud-browser-for.html	Exploit
http://www.maxthon.com/android/changelog/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:maxthon:maxthon_cloud_browser:*:*:*:*:*:android:*:*

History

21 Nov 2024, 02:04

Type	Values Removed	Values Added
References	~~() http://browser-shredders.blogspot.com/2014/01/cve-2014-1449-maxthon-cloud-browser-for.html - Exploit~~	() http://browser-shredders.blogspot.com/2014/01/cve-2014-1449-maxthon-cloud-browser-for.html - Exploit
References	~~() http://www.maxthon.com/android/changelog/ - Vendor Advisory~~	() http://www.maxthon.com/android/changelog/ - Vendor Advisory

Information

Published : 2014-12-25 21:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-1449

Mitre link : CVE-2014-1449

CVE.ORG link : CVE-2014-1449

JSON object : View

Products Affected

maxthon

maxthon_cloud_browser

CWE

CWE-284

Improper Access Control

{"id": "CVE-2014-1449", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-25T21:59:00.060", "references": [{"url": "http://browser-shredders.blogspot.com/2014/01/cve-2014-1449-maxthon-cloud-browser-for.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.maxthon.com/android/changelog/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://browser-shredders.blogspot.com/2014/01/cve-2014-1449-maxthon-cloud-browser-for.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.maxthon.com/android/changelog/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API."}, {"lang": "es", "value": "La aplicaci\u00f3n para Android Maxthon Cloud Browser anterior a 4.1.6.2000 permite a atacantes remotos suplantar la barra de direcci\u00f3n a trav\u00e9s de un c\u00f3digo JavaScript modificado que utiliza el hist\u00f3rico de la API."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:maxthon:maxthon_cloud_browser:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "0D11CF76-7046-46C7-96C8-1311E5E6CEC2", "versionEndIncluding": "4.1.5.2000"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10