Information disclosure in Google Android

CVE-2014-0815

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.

Vulnerability class: Information Disclosure

EPSS: 0.010 (59.1th percentile) — read the EPSS interpretation.

Affected products

Google Android
Opera Opera_browser — versions 1.00, 10.00, 10.01
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

opera-android-cve20140815-info-disc(91090) (vdb-entry, x_refsource_XF)
JVNDB-2014-000014 (x_refsource_JVNDB, third-party-advisory)
65391 (vdb-entry, x_refsource_BID)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Vendor Advisory)
JVN#23256725 (x_refsource_JVN, third-party-advisory)