CVE-2012-2645

Published: Jul 16, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.

Affected (1)

Products: Yahoo: Yahoo! Browser

Yahoo

1 product

Yahoo! Browser

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yahoo Yahoo! Browser	Up to 1.2.0

Running on/with	Platform Versions
Google Android	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://jvn.jp/en/jp/JVN46088915/index.html

Source: vultures@jpcert.or.jp

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000070

Source: vultures@jpcert.or.jp

http://secunia.com/advisories/49905

Source: vultures@jpcert.or.jp

http://www.securityfocus.com/bid/54488

Source: vultures@jpcert.or.jp

https://play.google.com/store/apps/details?id=jp.co.yahoo.android.ybrowser

Source: vultures@jpcert.or.jp

Patch

http://jvn.jp/en/jp/JVN46088915/index.html