CVE-2014-1449 — MEDIUM (5.0)

Q: What is CVE-2014-1449?

CVE-2014-1449 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

Q: How severe is CVE-2014-1449?

CVE-2014-1449 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-1449?

Check the references section above for vendor advisories and patch information. Affected products include: Maxthon Maxthon Cloud Browser.

Vulnerability Description

The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Maxthon	Maxthon Cloud Browser	<= 4.1.5.2000

Related Weaknesses (CWE)

CWE-284

References

http://browser-shredders.blogspot.com/2014/01/cve-2014-1449-maxthon-cloud-browseExploit
http://www.maxthon.com/android/changelog/Vendor Advisory
http://browser-shredders.blogspot.com/2014/01/cve-2014-1449-maxthon-cloud-browseExploit
http://www.maxthon.com/android/changelog/Vendor Advisory

FAQ

What is CVE-2014-1449?

CVE-2014-1449 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

How severe is CVE-2014-1449?

CVE-2014-1449 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1449?

Check the references section above for vendor advisories and patch information. Affected products include: Maxthon Maxthon Cloud Browser.