[Japanese]

JVNDB-2012-000111

Boat Browser / Boat Browser Mini vulnerable in the WebView class

Overview

Boat Browser and Boat Browser Mini contain an issue in the WebView class.

Boat Browser and Boat Browser Mini are web browsers for Android devices. Boat Browser and Boat Browser Mini contain a vulnerability in the WebView class.

Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 1.2 (Low) [NVD Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products


Boat Browser
  • Boat Browser versions prior to 4.2
  • Boat Browser Mini versions prior to 3.9

Impact

If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.
Vendor Information

Boat Browser
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-5179
References

  1. JVN : JVN#69589791
  2. National Vulnerability Database (NVD) : CVE-2012-5179
Revision History

[2012/12/20]
  Web page was published