CVE-2014-1449 : The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remot

The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

Published 2014-12-25 21:59:00

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-1449

Maxthon » Maxthon Cloud Browser » For Android
Versions up to, including, (<=) 4.1.5.2000
cpe:2.3:a:maxthon:maxthon_cloud_browser:*:*:*:*:*:android:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-1449

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-1449

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2014-1449

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1449

http://browser-shredders.blogspot.com/2014/01/cve-2014-1449-maxthon-cloud-browser-for.html

Browser Shredders: [CVE-2014-1449] Maxthon Cloud Browser for Android 4.1.4.2000 Address Bar Spoofing
Exploit
http://www.maxthon.com/android/changelog/

Changelog - Maxthon for Android | Maxthon Browser
Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-1449

Products affected by CVE-2014-1449

Exploit prediction scoring system (EPSS) score for CVE-2014-1449

CVSS scores for CVE-2014-1449

CWE ids for CVE-2014-1449

References for CVE-2014-1449