Open Handset Alliance Android is prone to the following vulnerabilities:
1. A security weakness.
2. A cross-site scripting vulnerability.
3. Multiple cross-domain scripting vulnerabilities.
Successfully exploiting these issues may allow an attacker to bypass the same-origin protection and obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.
Open Handset Alliance Android is prone to a security vulnerability that may allow attackers to spoof SSL certificates.
Attackers can exploit this issue to display incorrect SSL certificates. Successful exploits will cause victims to assume that they are viewing a legitimate site.
Open Handset Alliance Android is prone to a security-bypass vulnerability due to a failure to restrict access to locked devices.
An attacker with physical access to a locked device can exploit this issue to bypass the passcode. Successful exploits may lead to other attacks.
Android is prone to an information-disclosure vulnerability.
A remote attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks.
Android from Open Handset Alliance is prone to a security-bypass vulnerability because the screen lock may be bypassed.
Successful exploits can allow an attacker with physical access to a vulnerable phone to perform unauthorized actions or obtain sensitive information.
Android 2.0.1 running on the Motorola Droid phone is vulnerable.
Android Web Browser is prone to an unspecified remote code-execution vulnerability.
Successful exploits allow attackers to execute arbitrary code in the context of the browser. Note that attackers can exploit this issue to compromise only the browser, which may result in information-disclosure attacks.
Reportedly, this issue stems from an older vulnerability in one of the third-party packages used by Android. No further details are currently available. We will update or retire this BID when more information emerges.
NOTE: The HTC T-Mobile G1 phone ships with a vulnerable version of Android and is also affected by this issue.