UBUNTU-CVE-2012-6636

Source
https://ubuntu.com/security/CVE-2012-6636
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-6636.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2012-6636
Upstream
  • CVE-2012-6636
Published
2014-03-03T04:50:00Z
Modified
2025-10-24T04:44:58Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.

References

Affected packages

Ubuntu:16.04:LTS / cordova-ubuntu-3.4

Package

Name
cordova-ubuntu-3.4
Purl
pkg:deb/ubuntu/cordova-ubuntu-3.4@3.4~pre3.r19ubuntu1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*
3.4~pre3.r19ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ubuntu-html5-platform-3.4-dev",
            "binary_version": "3.4~pre3.r19ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-6636.json"