Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
mi stock browser 10.2.4g |
||
mi redmi 7 firmware - |
||
mi redmi note 7 firmware - |
||
mi redmi note 6 pro firmware - |
||
mi redmi 6 firmware - |
||
mi redmi 6a firmware - |
||
mi redmi s2 firmware - |
||
mi redmi note 5 pro firmware - |
||
mi redmi k20 pro firmware - |
||
mi redmi k20 firmware - |
||
mi redmi 7a firmware - |
||
mi redmi go firmware - |
||
mi redmi note 5 firmware - |
||
mi redmi y3 firmware - |
||
mi redmi note 7s firmware - |
||
mi redmi 4a firmware - |
||
mi redmi note 4 firmware - |
||
mi redmi 5 plus firmware - |
||
mi redmi note 5a prime firmware - |
Vulmon