context of any domain; therefore, this vulnerability has the same implications as global XSS, albeit from an installed application rather than another website.
Android 2.3.5 and 3.2 have been released, which incorporate a fix for this bug. Patches are available for Android 2.2.* and will be released at a later date. Organizations can contact firstname.lastname@example.org for patch information.
The complete advisory can be found here.
Demo of the PoC:
We would like to thank the Android Security Team for the efficient and quick way in which they handled this security issue.