{"api_version":"1","generated_at":"2026-06-10T12:16:53+00:00","cve":"CVE-2013-4710","urls":{"html":"https://cve.report/CVE-2013-4710","api":"https://cve.report/api/cve/CVE-2013-4710.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-4710","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-4710"},"summary":{"title":"CVE-2013-4710","description":"Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.","state":"PUBLISHED","assigner":"jpcert","published_at":"2014-03-03 04:50:46","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-20","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://jvn.jp/en/jp/JVN53768697/995293/index.html","name":"http://jvn.jp/en/jp/JVN53768697/995293/index.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Japan Vulnerability Notes/Information from eAccess Ltd.","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://jvn.jp/en/jp/JVN53768697/995312/index.html","name":"http://jvn.jp/en/jp/JVN53768697/995312/index.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Japan Vulnerability Notes/Information from NTT DOCOMO, INC.","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://emobile.jp/products/sh/a01sh/systemsoftware.html","name":"http://emobile.jp/products/sh/a01sh/systemsoftware.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://jvn.jp/en/jp/JVN53768697/index.html","name":"http://jvn.jp/en/jp/JVN53768697/index.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"JVN#53768697: Android OS vulnerable to arbitrary Java method execution","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://jvn.jp/en/jp/JVN53768697/397327/index.html","name":"http://jvn.jp/en/jp/JVN53768697/397327/index.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Japan Vulnerability Notes/Information from SoftBank","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://jvn.jp/en/jp/JVN53768697/995417/index.html","name":"http://jvn.jp/en/jp/JVN53768697/995417/index.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Japan Vulnerability Notes/Information from Disney Mobile on SoftBank","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://50.56.33.56/blog/?p=314","name":"http://50.56.33.56/blog/?p=314","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Abusing WebView JavaScript Bridges | dead && end","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://jvn.jp/en/jp/JVN53768697/113349/index.html","name":"http://jvn.jp/en/jp/JVN53768697/113349/index.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Japan Vulnerability Notes/Information from KDDI CORPORATION","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111","name":"http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://openwall.com/lists/oss-security/2014/02/18/11","name":"http://openwall.com/lists/oss-security/2014/02/18/11","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-4710","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4710","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"3.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"3.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"3.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"3.2.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"4.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"4.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"4.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"4.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4710","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"4.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2013","cve_id":"4710","cve":"CVE-2013-4710","epss":"0.763810000","percentile":"0.989500000","score_date":"2026-05-05","updated_at":"2026-05-06 00:08:11"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T16:52:27.233Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://jvn.jp/en/jp/JVN53768697/113349/index.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://emobile.jp/products/sh/a01sh/systemsoftware.html"},{"name":"JVN#53768697","tags":["third-party-advisory","x_refsource_JVN","x_transferred"],"url":"http://jvn.jp/en/jp/JVN53768697/index.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://jvn.jp/en/jp/JVN53768697/397327/index.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://jvn.jp/en/jp/JVN53768697/995312/index.html"},{"name":"[oss-security] 20140218 Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://openwall.com/lists/oss-security/2014/02/18/11"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://jvn.jp/en/jp/JVN53768697/995293/index.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://jvn.jp/en/jp/JVN53768697/995417/index.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://50.56.33.56/blog/?p=314"},{"name":"JVNDB-2013-000111","tags":["third-party-advisory","x_refsource_JVNDB","x_transferred"],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-12-21T00:00:00.000Z","descriptions":[{"lang":"en","value":"Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2014-03-03T01:57:01.000Z","orgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","shortName":"jpcert"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://jvn.jp/en/jp/JVN53768697/113349/index.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://emobile.jp/products/sh/a01sh/systemsoftware.html"},{"name":"JVN#53768697","tags":["third-party-advisory","x_refsource_JVN"],"url":"http://jvn.jp/en/jp/JVN53768697/index.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://jvn.jp/en/jp/JVN53768697/397327/index.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://jvn.jp/en/jp/JVN53768697/995312/index.html"},{"name":"[oss-security] 20140218 Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean","tags":["mailing-list","x_refsource_MLIST"],"url":"http://openwall.com/lists/oss-security/2014/02/18/11"},{"tags":["x_refsource_CONFIRM"],"url":"http://jvn.jp/en/jp/JVN53768697/995293/index.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://jvn.jp/en/jp/JVN53768697/995417/index.html"},{"tags":["x_refsource_MISC"],"url":"http://50.56.33.56/blog/?p=314"},{"name":"JVNDB-2013-000111","tags":["third-party-advisory","x_refsource_JVNDB"],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"vultures@jpcert.or.jp","ID":"CVE-2013-4710","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://jvn.jp/en/jp/JVN53768697/113349/index.html","refsource":"CONFIRM","url":"http://jvn.jp/en/jp/JVN53768697/113349/index.html"},{"name":"http://emobile.jp/products/sh/a01sh/systemsoftware.html","refsource":"CONFIRM","url":"http://emobile.jp/products/sh/a01sh/systemsoftware.html"},{"name":"JVN#53768697","refsource":"JVN","url":"http://jvn.jp/en/jp/JVN53768697/index.html"},{"name":"http://jvn.jp/en/jp/JVN53768697/397327/index.html","refsource":"CONFIRM","url":"http://jvn.jp/en/jp/JVN53768697/397327/index.html"},{"name":"http://jvn.jp/en/jp/JVN53768697/995312/index.html","refsource":"CONFIRM","url":"http://jvn.jp/en/jp/JVN53768697/995312/index.html"},{"name":"[oss-security] 20140218 Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean","refsource":"MLIST","url":"http://openwall.com/lists/oss-security/2014/02/18/11"},{"name":"http://jvn.jp/en/jp/JVN53768697/995293/index.html","refsource":"CONFIRM","url":"http://jvn.jp/en/jp/JVN53768697/995293/index.html"},{"name":"http://jvn.jp/en/jp/JVN53768697/995417/index.html","refsource":"CONFIRM","url":"http://jvn.jp/en/jp/JVN53768697/995417/index.html"},{"name":"http://50.56.33.56/blog/?p=314","refsource":"MISC","url":"http://50.56.33.56/blog/?p=314"},{"name":"JVNDB-2013-000111","refsource":"JVNDB","url":"http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111"}]}}}},"cveMetadata":{"assignerOrgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","assignerShortName":"jpcert","cveId":"CVE-2013-4710","datePublished":"2014-03-03T02:00:00.000Z","dateReserved":"2013-06-26T00:00:00.000Z","dateUpdated":"2024-08-06T16:52:27.233Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-03-03 04:50:46","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-20","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*","matchCriteriaId":"6997F035-D2F5-4174-B979-5D42FF69D9AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*","matchCriteriaId":"E1FD2E59-59BF-4611-B65B-A2981127CAC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:*","matchCriteriaId":"86BFE05E-9749-43AA-8DB6-E2F13C2E1759"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"48DCE4AD-D629-4F0B-AFA8-6CAD061D5FA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"4DAAB25F-26E4-4493-B3DA-F87240633031"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"96CD6B49-B9D4-493E-902D-B4EF48260BB0"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:3.2.6:*:*:*:*:*:*:*","matchCriteriaId":"FB73EBA4-A9BE-4C40-9E6D-649E89D2C3F2"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*","matchCriteriaId":"A39C31E3-75C0-4E92-A6B5-7D67B22E3449"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BB318EA4-2908-4B91-8DBB-20008FDF528A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1F4E46A9-B652-47CE-92E8-01021E57724B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"36DD8E3F-6308-4680-B932-4CBD8E58A7FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*","matchCriteriaId":"1DA9F0F7-D592-481E-884C-B1A94E702825"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"4710","Ordinal":"1","Title":"CVE-2013-4710","CVE":"CVE-2013-4710","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"4710","Ordinal":"1","NoteData":"Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.","Type":"Description","Title":"CVE-2013-4710"},{"CveYear":"2013","CveId":"4710","Ordinal":"2","NoteData":"2014-03-02","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"4710","Ordinal":"3","NoteData":"2014-03-02","Type":"Other","Title":"Modified"}]}}}