VAR-201403-0224
Vulnerability from variot - Updated: 2025-04-13 23:18java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. Google Android Jelly Bean is prone to an unspecified security vulnerability. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Google Chrome is a web browser developed by Google (Google). Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). The vulnerability stems from the fact that the program uses the addJavascriptInterface API and creates an object of the SearchBoxImpl class
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "4.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "4.2.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "4.3"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "4.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "4.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "4.0.1"
},
{
"model": "android",
"scope": "lte",
"trust": 1.0,
"vendor": "google",
"version": "4.3.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "4.0.4"
},
{
"model": "android",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "4.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "4.0.2"
},
{
"model": "shareit",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "3.5.88_ww"
},
{
"model": "android",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "4.0.3"
},
{
"model": "android",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "4.2.1"
},
{
"model": "android",
"scope": "lt",
"trust": 0.8,
"vendor": "google",
"version": "4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.3.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.1"
}
],
"sources": [
{
"db": "BID",
"id": "65473"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001554"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-037"
},
{
"db": "NVD",
"id": "CVE-2014-1939"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:google:android",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001554"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joshua J. Drak",
"sources": [
{
"db": "BID",
"id": "65473"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1939",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-1939",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-69878",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1939",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-1939",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-037",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-69878",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-1939",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69878"
},
{
"db": "VULMON",
"id": "CVE-2014-1939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001554"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-037"
},
{
"db": "NVD",
"id": "CVE-2014-1939"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. Google Android Jelly Bean is prone to an unspecified security vulnerability. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges. Google Chrome is a web browser developed by Google (Google). Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). The vulnerability stems from the fact that the program uses the addJavascriptInterface API and creates an object of the SearchBoxImpl class",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001554"
},
{
"db": "BID",
"id": "65473"
},
{
"db": "VULHUB",
"id": "VHN-69878"
},
{
"db": "VULMON",
"id": "CVE-2014-1939"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1939",
"trust": 2.9
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/02/11/2",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001554",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-037",
"trust": 0.7
},
{
"db": "MLIST",
"id": "[OSS-SECURITY] 20140210 CVE-2014-1939 SEARCHBOXJAVABRIDGE_ IN ANDROID JELLY BEAN",
"trust": 0.6
},
{
"db": "BID",
"id": "65473",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-69878",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-1939",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69878"
},
{
"db": "VULMON",
"id": "CVE-2014-1939"
},
{
"db": "BID",
"id": "65473"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001554"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-037"
},
{
"db": "NVD",
"id": "CVE-2014-1939"
}
]
},
"id": "VAR-201403-0224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69878"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:18:55.176000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Introducing Chromium-powered Android WebView",
"trust": 0.8,
"url": "http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html"
},
{
"title": "WebViewCompat",
"trust": 0.1,
"url": "https://github.com/BCsl/WebViewCompat "
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/results-of-poc-publishing/74724/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-1939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001554"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69878"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001554"
},
{
"db": "NVD",
"id": "CVE-2014-1939"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://openwall.com/lists/oss-security/2014/02/11/2"
},
{
"trust": 1.8,
"url": "http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html"
},
{
"trust": 1.2,
"url": "https://support.lenovo.com/us/en/product_security/len_6421"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1939"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1939"
},
{
"trust": 0.3,
"url": "http://code.google.com/android/"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2014/q1/311"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2014/q1/313"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/65473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/bcsl/webviewcompat"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69878"
},
{
"db": "VULMON",
"id": "CVE-2014-1939"
},
{
"db": "BID",
"id": "65473"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001554"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-037"
},
{
"db": "NVD",
"id": "CVE-2014-1939"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-69878"
},
{
"db": "VULMON",
"id": "CVE-2014-1939"
},
{
"db": "BID",
"id": "65473"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001554"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-037"
},
{
"db": "NVD",
"id": "CVE-2014-1939"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-69878"
},
{
"date": "2014-03-03T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1939"
},
{
"date": "2014-02-10T00:00:00",
"db": "BID",
"id": "65473"
},
{
"date": "2014-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001554"
},
{
"date": "2014-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-037"
},
{
"date": "2014-03-03T04:50:46.453000",
"db": "NVD",
"id": "CVE-2014-1939"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-69878"
},
{
"date": "2016-05-26T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1939"
},
{
"date": "2014-02-10T00:00:00",
"db": "BID",
"id": "65473"
},
{
"date": "2014-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001554"
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-037"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-1939"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Android of java/android/webkit/BrowserFrame.java In any Java Code execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001554"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-037"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…