Exploiting the Mercury Browser for Android

Overview The Mercury Browser for Android suffers from an insecure Intent URI scheme implementation and a path traversal vulnerability within a custom web server used to support its WiFi Transfer feature. Chaining these vulnerabilities together can allow a remote attacker to perform arbitrary reading and writing of files within the…

Remote Code Execution in Dolphin Browser for Android

Update The PoC is located here: https://www.youtube.com/watch?v=hhpP1rYn_B0 A patch was released on August 27, 2015, update now! Overview An attacker with the ability to control the network traffic for users of the Dolphin Browser for Android, can modify the functionality of downloading and…