製品・ソフトウェアに関する情報

JVN脆弱性詳細

Sleipnir Mobile for Android において任意のエクステンション API が呼び出される脆弱性

Title	Sleipnir Mobile for Android において任意のエクステンション API が呼び出される脆弱性
Summary	Sleipnir Mobile for Android では、ブラウザの機能をカスタマイズするためのエクステンションという仕組みがあり、エクステンションから呼び出されることを想定したエクステンション API が提供されています。 Sleipnir Mobile for Android には、細工されたウェブページから任意のエクステンション API を呼び出される脆弱性が存在します。この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。報告者: keitahaga.com Keita Haga 氏
Possible impacts	細工されたウェブページにアクセスすることで、意図しないファイルをダウンロードさせられたり、当該ブラウザでログイン済みのサイトの HTTP レスポンスボディの情報を窃取されたりする可能性があります。
Solution	[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。
Publication Date	April 12, 2013, midnight
Registration Date	April 12, 2013, 12:01 p.m.
Last Update	April 12, 2013, 12:01 p.m.

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:H/Au:N/C:P/I:P/A:N

Affected System

フェンリル株式会社

Sleipnir Mobile for Android 2.8.0 およびそれ以前

Sleipnir Mobile for Android Black Edition 2.8.0 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-2304	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2304
National Vulnerability Database (NVD)
2	CVE-2013-2304	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2304

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Google Play
1	Sleipnir Mobile - ウェブブラウザ - Google Play の Android アプリ	https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir
2	Sleipnir Mobile Black Edition - Google Play の Android アプリ	https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir_black

その他

No	Name	URL
JVN
1	JVN#02895867	http://jvn.jp/jp/JVN02895867/index.html

Change Log

No	Changed Details	Date of change
0	[2013年04月12日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-2304

Summary	The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page.
Publication Date	April 16, 2013, 11:04 p.m.
Registration Date	Jan. 26, 2021, 3:38 p.m.
Last Update	Nov. 21, 2024, 10:51 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:fenrir-inc:sleipnir_mobile::::::::			2.8.0
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:alpha::::::
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:beta_update1::::::
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:rc::::::
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.1.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.2.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.3.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.4.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.6.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.2:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.3:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.4:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.1.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.2:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.3:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.3.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.4.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.4.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.5.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.5.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.6.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.7.0:::::::*
execution environment
1	cpe:2.3:o:google:android::::::::

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:fenrir-inc:sleipnir_mobile::-:black:::::			2.8.0
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:alpha:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:rc:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:beta_update1:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.1.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.2.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.3.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.4.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.6.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.2:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.3:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.4:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.1.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.2:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.3:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.3.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.4.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.4.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.5.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.5.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.6.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.7.0:-:black:::::*
execution environment
1	cpe:2.3:o:google:android::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://jvn.jp/en/jp/JVN02895867/index.html
2	http://jvn.jp/en/jp/JVN02895867/index.html
3	http://jvndb.jvn.jp/jvndb/JVNDB-2013-000033
4	http://jvndb.jvn.jp/jvndb/JVNDB-2013-000033

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:fenrir-inc:sleipnir_mobile::::::::			2.8.0
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:alpha::::::
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:beta_update1::::::
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:rc::::::
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.1.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.2.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.3.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.4.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.6.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.2:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.3:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.4:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.1.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.2:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.3:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.3.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.4.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.4.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.5.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.5.1:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.6.0:::::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.7.0:::::::*
execution environment
1	cpe:2.3:o:google:android::::::::

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:fenrir-inc:sleipnir_mobile::-:black:::::			2.8.0
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:alpha:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:rc:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.0.0:beta_update1:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.1.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.2.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.3.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.4.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.5.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.6.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:1.7.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.2:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.3:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.0.4:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.1.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.2:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.2.3:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.3.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.4.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.4.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.5.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.5.1:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.6.0:-:black:::::*
cpe:2.3:a:fenrir-inc:sleipnir_mobile:2.7.0:-:black:::::*
execution environment
1	cpe:2.3:o:google:android::::::::