Apache Cordova for Android
3.5.0 and below
Upgrade to 3.5.1 or later
Cordova overrides shouldOverrideUrlLoading(). Any scheme that Cordova’s shouldOverrideUrlLoading() function does not specifically handle is launched in the default viewer. If an attacker causes the WebView to load a new URL (such as by using location.href), shouldOverrideUrlLoading() will be called. This is independent of CVE-2014-3501, which could occur due to shouldInterceptRequest(). Therefore, if an attacker specifies a URL that is not present in the whitelist, Cordova will proceed to launch that URL using the default viewer.
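For apps that ship their own WebViewClient, the following added example (not Cordova's code or its 3.5.1 patch) shows a shouldOverrideUrlLoading() that checks an allowlist before handing a URL to the default viewer and blocks everything else. The class name, the host app.example.com and the scheme list are assumptions made for illustration.

```java
import android.content.ActivityNotFoundException;
import android.content.Intent;
import android.net.Uri;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical client for illustration; not taken from the Cordova source tree.
public class AllowlistedWebViewClient extends WebViewClient {
    // Constructed sample values: origins the WebView itself may load.
    private static final Set<String> IN_APP_HOSTS =
            new HashSet<>(Arrays.asList("app.example.com"));
    // Constructed sample values: schemes that may be passed to the default viewer.
    private static final Set<String> EXTERNAL_SCHEMES =
            new HashSet<>(Arrays.asList("mailto", "tel"));

    @Override
    public boolean shouldOverrideUrlLoading(WebView view, String url) {
        Uri uri = Uri.parse(url);
        // getScheme()/getHost() return null for malformed or opaque URLs.
        String scheme = uri.getScheme() == null
                ? "" : uri.getScheme().toLowerCase(Locale.ROOT);
        String host = uri.getHost() == null
                ? "" : uri.getHost().toLowerCase(Locale.ROOT);

        // Allowlisted https origin: return false so the WebView loads it in place.
        if ("https".equals(scheme) && IN_APP_HOSTS.contains(host)) {
            return false;
        }
        // Explicitly permitted external scheme: hand off to the default viewer.
        if (EXTERNAL_SCHEMES.contains(scheme)) {
            try {
                view.getContext().startActivity(new Intent(Intent.ACTION_VIEW, uri));
            } catch (ActivityNotFoundException e) {
                // No installed app handles this scheme; drop the navigation.
            }
            return true;
        }
        // The behaviour described above would launch the URL here regardless of
        // the whitelist. Returning true without starting an activity blocks it.
        return true;
    }
}
```

Because the decision is made inside shouldOverrideUrlLoading(), it also covers navigations triggered from page script such as location.href.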