Security - 4.2 0002 - system browser vulnerability - CVE-2014-6041
Added by My Self over 10 years ago
Seems that the Replicant /system/app/browser(.apk) have to be affected, too:
https://community.rapid7.com/community/metasploit/blog/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041
Are there any plans to attend to that security flaw (in future Replicant releases)?
I for my part switched to another browser for a while:
https://f-droid.org/repository/browse/?fdfilter=lightning&fdid=acr.browser.lightning
but this doesn't help either:
https://github.com/anthonycr/Lightning-Browser/issues/123
Replies (3)
RE: Security - 4.2 0002 - system browser vulnerability? (CVE-2014-6041) - Added by Paul Kocialkowski over 10 years ago
Are there any plans to attend to that security flaw (in future Replicant releases)?
Please point me to a patch I can include in our tree to fix this particular issue.
RE: Security - 4.2 0002 - system browser vulnerability? (CVE-2014-6041) - Added by My Self over 10 years ago
I've found the AOSP patches (for Android versions less than 4.4) within the comments of the initial link:
https://community.rapid7.com/community/metasploit/blog/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041#comment-4917
Explicit pointers:
https://android.googlesource.com/platform/external/webkit/+/1368e05e8875f00e8d2529fe6050d08b55ea4d87
https://android.googlesource.com/platform/external/webkit/+/7e4405a7a12750ee27325f065b9825c25b40598c
Thanks for your support in this case.
RE: Security - 4.2 0002 - system browser vulnerability? (CVE-2014-6041) - Added by Paul Kocialkowski over 10 years ago
Thanks, those patches were applied to the tree and will be part of the next batch of Replicant 4.2 images!