Dolphin Browser for Android

Intent URI Scheme




Dolphin Browser for Android

Product Version

< 12.0.2

Vulnerability Details

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.

Vendor Response

Mobotap has not issued a reponse nor an update to remediate this vulnerability.

Disclosure Timeline

  • Reached out on Twitter and asked to speak with someone who is responsible for product security

  • Emailed requesting to speak with someone who can address security issues in the Dolphin Browser for Android, no response

  • Emailed to verify initial email was received, no response

  • Emailed to inform the public release of an advisory, CC'ed [email protected] and received a bounce on the email address

  • Public zero day release of advisory