Framer Preview App 12 for Android Allows Unauthorized Loading of Web Content

Framer Preview App 12 for Android Allows Unauthorized Loading of Web Content

CVE-2020-25203 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.

Learn more about our Cis Benchmark Audit For Google Android.