CVE-2010-4804
Description
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Android browser before 2.3.4 leaks SD card contents via crafted content:// URIs, enabling data theft.
Vulnerability
CVE-2010-4804 is an information disclosure vulnerability in the Android browser on devices running Android versions prior to 2.3.4. The flaw resides in BrowserActivity.java and BrowserSettings.java within com/android/browser/. By crafting a content:// URI, a remote attacker can bypass same-origin restrictions and read arbitrary files from the device's SD card. The browser automatically downloads referenced files without user prompting and, through JavaScript, can open the downloaded HTML file in a local context, where it can read file contents [1].
Exploitation
An attacker must craft a malicious HTML page or email containing JavaScript that references a content:// URI pointing to a known file on the SD card (e.g., photos with predictable naming). The victim must click the link, which triggers the automatic download of a payload file; JavaScript then opens the payload in the browser without further action. No additional authentication is required beyond the victim's interaction [1].
Impact
Successful exploitation allows the attacker to read arbitrary files stored on the device's SD card, leading to unauthorized disclosure of sensitive data such as photos, documents, or other files with known paths. The attack does not grant code execution or elevated privileges beyond the browser's local file access [1].
Mitigation
Android version 2.3.4 (Gingerbread) addresses this issue by disabling automatic file downloads and preventing JavaScript execution in the local context without user consent. Users should update to Android 2.3.4 or later. No official workaround is available for earlier versions; users are advised to avoid clicking suspicious links until the update is applied [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:* (range: <=2.3.3)
- cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*
- cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*
Patches
No patches discovered yet.