CVE-2024-31974

The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions).

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/actuator/com.solarized.firedown/blob/main/CVE-2024-31974
https://github.com/actuator/com.solarized.firedown/blob/main/CVE-2024-31974

Configurations

No configuration.

History

21 Nov 2024, 09:14

Type	Values Removed	Values Added
References	~~() https://github.com/actuator/com.solarized.firedown/blob/main/CVE-2024-31974 -~~	() https://github.com/actuator/com.solarized.firedown/blob/main/CVE-2024-31974 -

03 Jul 2024, 01:55

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.3
CWE		CWE-94

17 May 2024, 18:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-17 16:15

Updated : 2024-11-21 09:14

NVD link : CVE-2024-31974

Mitre link : CVE-2024-31974

CVE.ORG link : CVE-2024-31974

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

6.3 /10