[guardian-dev] Android WebView SOP vulnerability (CVE-2014-6041)

Adam Kruger a.kruger at psiphon.ca
Thu Sep 18 11:57:17 EDT 2014


Hey folks. Just wondering what you guys are planning to do about this in
Orweb.

We're planning a release of Psiphon to disable JavaScript entirely (with no
option for it to be enabled) in our built-in browser on Android 3.0 through
4.3 (https://bitbucket.org/psiphon/psiphon-circumvention-system/branch/CVE-2014-6041-mitigation).

We haven't seen an authoritative list of affected Android versions, but in
our own testing we found that 2.2 and 2.3 aren't vulnerable.

It seems pretty harsh but we don't have any better ideas to prevent our
users from having an unsafe Internet experience.
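
Added example (not part of the original message, and not Psiphon's or Orweb's code): one way to express the mitigation described above, forcing JavaScript off in an embedded WebView on Android 3.0 through 4.3 regardless of the user's preference. The class name `SopMitigation`, its methods and the `userWantsJavaScript` parameter are hypothetical; the version range is the one stated in the message.

```java
import android.os.Build;
import android.webkit.WebSettings;
import android.webkit.WebView;

/** Hypothetical helper: gates WebView JavaScript on the OS release. */
public final class SopMitigation {

    // Range named in the message: Android 3.0 (API 11) through 4.3 (API 18).
    private static final int FIRST_GATED = Build.VERSION_CODES.HONEYCOMB;
    private static final int LAST_GATED = Build.VERSION_CODES.JELLY_BEAN_MR2;

    private SopMitigation() {}

    /** Pure version check, kept separate so it can be unit-tested off-device. */
    static boolean javaScriptAllowed(int sdkInt) {
        return sdkInt < FIRST_GATED || sdkInt > LAST_GATED;
    }

    /** True when the running OS is outside the gated range. */
    public static boolean javaScriptAllowed() {
        return javaScriptAllowed(Build.VERSION.SDK_INT);
    }

    /**
     * Apply the policy to a WebView. userWantsJavaScript is the app's own
     * stored preference (assumed); on gated releases it is ignored.
     */
    public static void apply(WebView view, boolean userWantsJavaScript) {
        WebSettings settings = view.getSettings();
        settings.setJavaScriptEnabled(userWantsJavaScript && javaScriptAllowed());
    }
}
```

Calling `apply` on every WebView the app creates, and hiding the JavaScript toggle in settings when `javaScriptAllowed()` returns false, matches the "no option for it to be enabled" behaviour the message describes.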