CVE-2014-5318 : The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via craft

The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

Published 2014-09-26 10:55:05

Updated 2017-01-07 03:00:27

Source JPCERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-5318

Probability of exploitation activity in the next 30 days: 0.37%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000108

JVNDB-2014-000108 - JVN iPedia - 脆弱性対策情報データベース
https://www.facebook.com/jigbrowserplus

Page Not Found | Facebook
http://www.securityfocus.com/bid/70146

jigbrowser+ for iOS Same Origin Policy Security Bypass Vulnerability
http://jvn.jp/en/jp/JVN80531230/index.html

JVN#80531230: jigbrowser+ for iOS same origin policy bypass

JIG » Jigbrowser+
Versions up to, including, (<=) 1.8.1
cpe:2.3:a:jig:jigbrowser\+:*:*:*:*:*:*:*:*
Matching versions
JIG » Jigbrowser+ » Version: 1.8.0
cpe:2.3:a:jig:jigbrowser\+:1.8.0:*:*:*:*:*:*:*
Matching versions