CVE-2023-43955
N/A
N/A
Summary
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/actuator/com.phlox.tvwebbrowser
- https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk
- https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md
- https://github.com/truefedex/tv-bro/pull/182#issue-1901769895
References
- https://github.com/actuator/com.phlox.tvwebbrowser
- https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk
- https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md
- https://github.com/truefedex/tv-bro/pull/182#issue-1901769895
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.