Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
mi stock browser 10.2.4g |
||
mi redmi_7_firmware - |
||
mi redmi_note_7_firmware - |
||
mi redmi_note_6_pro_firmware - |
||
mi redmi_6_firmware - |
||
mi redmi_6a_firmware - |
||
mi redmi_s2_firmware - |
||
mi redmi_note_5_pro_firmware - |
||
mi redmi_k20_pro_firmware - |
||
mi redmi_k20_firmware - |
||
mi redmi_7a_firmware - |
||
mi redmi_go_firmware - |
||
mi redmi_note_5_firmware - |
||
mi redmi_y3_firmware - |
||
mi redmi_note_7s_firmware - |
||
mi redmi_4a_firmware - |
||
mi redmi_note_4_firmware - |
||
mi redmi_5_plus_firmware - |
||
mi redmi_note_5a_prime_firmware - |
Vulmon