Cordova Android
Up to 3.6.4
Apply patches
Cordova uses a bridge that allows the Native Application to communicate with the HTML and Javascript that control the user interface. To protect this bridge on Android, from third-party hijacking, the framework uses a random value (BridgeSecret). However, BridgeSecret is not sufficiently random and can be determined in certain scenarios, allowing the adversary to bypass this protection mechanism.