Dolphin Browser for Android | Security Research Advisory | VerSprite Dolphin Browser for Android | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  Dolphin Browser for Android

Dolphin Browser for Android

Intent URI Scheme

CVE ID

CVE-2017-17553

VENDOR

Mobotap

PRODUCT

Dolphin Browser for Android

Product version

< 12.0.2

Vulnerability Details

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.

Vendor response

Mobotap has not issued a reponse nor an update to remediate this vulnerability.

Disclosure timeline

2017-11-28 - Reached out on Twitter and asked to speak with someone who is responsible for product security
2017-12-04 - Emailed requesting to speak with someone who can address security issues in the Dolphin Browser for Android, no response
2017-12-07 - Emailed to verify initial email was received, no response
2017-12-10 - Emailed to inform the public release of an advisory, CC'ed [email protected] and received a bounce on the email address
2017-12-11 - Public zero day release of advisory

Offensive Minded Security Exploit Development

Learn More

arrow right

We are an international squad of professionals working as one.

logos

Copyright 2018 VerSprite - All Rights Reserved