HomeAdvisoriesDolphin Browser for Android

Dolphin Browser for Android

Intent URI Scheme

Next Advisory

CVE ID

CVE-2017-17553

Vendor

Mobotap

Product

Dolphin Browser for Android

Product Version

< 12.0.2

Vulnerability Details

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.

Learn more

Vendor Response

Mobotap has not issued a reponse nor an update to remediate this vulnerability.

Disclosure Timeline

28.11.2017
Reached out on Twitter and asked to speak with someone who is responsible for product security
04.12.2017
Emailed requesting to speak with someone who can address security issues in the Dolphin Browser for Android, no response
07.12.2017
Emailed to verify initial email was received, no response
10.12.2017
Emailed to inform the public release of an advisory, CC'ed [email protected] and received a bounce on the email address
11.12.2017
Public zero day release of advisory

Next Advisory

A Look at RACI Models within Application Threat Modeling

Offensive Security

DevSecOps

GRC Services

Threat Intelligence

VS-Labs Security Research

Envisions Geopolitical Threat Report:

By Industry

Chrome Exploitation: How to easily launch a Chrome RCE+SBX exploit chain with one command

Security Resources

5 Steps to Implement an Application Threat Modeling Program

Who We Are

Dolphin Browser for Android

CVE ID

Vendor

Product

Product Version

Vulnerability Details

Vendor Response

Disclosure Timeline