Boat Browser / Boat Browser Mini vulnerable in the WebView class


Boat Browser and Boat Browser Mini contain an issue in the WebView class.

Boat Browser and Boat Browser Mini are web browsers for Android devices. Boat Browser and Boat Browser Mini contain a vulnerability in the WebView class.

Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 1.2 (Low) [NVD Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products

Boat Browser
  • Boat Browser versions prior to 4.2
  • Boat Browser Mini versions prior to 3.9


If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed.

[Update the software]
Update to the latest version according to the information provided by the developer.
Vendor Information

Boat Browser
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-5179

  1. JVN : JVN#69589791
  2. National Vulnerability Database (NVD) : CVE-2012-5179
Revision History

  • [2012/12/20]
      Web page was published