{"id":"ASB-A-141745510","details":"In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-141745510","CVE-2020-0099"],"modified":"2026-04-10T16:16:18.068628Z","published":"2020-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-12-01"}]}],"versions":["8.0"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"core/java/android/app/Presentation.java","function":"Presentation"},"signature_type":"Function","digest":{"length":428,"function_hash":"16470296595748302751429615350403835435"},"deprecated":false,"id":"ASB-A-141745510-91df2d31"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"core/java/android/app/Presentation.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["284739123596893706868441310605521816554","310910491252385827482529463668437167198","164078704569361445881907929766921961692","212498877347547688308971838242367858741","151668555048620502282814188416117780957","293800099826551194011851465065689510334","88104751500865165448568543323299979499","282737449069670697323443487352111097156","148747968208670788585632901034177801255","98801012437365175927273974576064122844","180933921665634626912029726772295855683","180039528865902641544979902937390293156","150894201314947685218659398085326463185","247168711585419387284883360734956304431","259954851331771414546839594935212947561","181189371768132502709086886598266580827","32830964378343325304109610718441944125","109397249449679003589181006586383226057","238165953028879001977921284023031322337","239808822552779414125607017816175416786","111510957775210277667436632969356236231","212708508222384534560503446598766847155","115419455924734461829589099314736281194","12729223600110911345623445160613884852","107989678609931950492204246501756882708","260928118046867730168350260999058048151","29178769816291715695478212850673987886","184954786133671830976896438004284615595","146835545390191456411925823945455502470","33158603333309345937165840096746272737","144440662019802877075626263617492032298","260116777355025482366584024617753373685"]},"deprecated":false,"id":"ASB-A-141745510-94e2802a"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["234069422119696202154083242380740807887","191948924181362536245303968468935497427","75479889889848254181899260583783995296","214187471240762794777306020249339973221","119220530006493209690353392747817253960","267291635559972868242144434577681713842","237064503174190504491352634040300410073"]},"deprecated":false,"id":"ASB-A-141745510-aaa34f23"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java","function":"addWindow"},"signature_type":"Function","digest":{"length":11726,"function_hash":"289033905442372113596197774409108073352"},"deprecated":false,"id":"ASB-A-141745510-c06fd262"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e"],"severity":"High","spl":"2020-12-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-141745510.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-12-01"}]}],"versions":["8.1"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"core/java/android/app/Presentation.java","function":"Presentation"},"signature_type":"Function","digest":{"length":428,"function_hash":"16470296595748302751429615350403835435"},"deprecated":false,"id":"ASB-A-141745510-08359386"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["234069422119696202154083242380740807887","191948924181362536245303968468935497427","75479889889848254181899260583783995296","214187471240762794777306020249339973221","119220530006493209690353392747817253960","267291635559972868242144434577681713842","237064503174190504491352634040300410073"]},"deprecated":false,"id":"ASB-A-141745510-1205cc3f"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"core/java/android/app/Presentation.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["284739123596893706868441310605521816554","310910491252385827482529463668437167198","164078704569361445881907929766921961692","212498877347547688308971838242367858741","151668555048620502282814188416117780957","293800099826551194011851465065689510334","88104751500865165448568543323299979499","282737449069670697323443487352111097156","148747968208670788585632901034177801255","98801012437365175927273974576064122844","180933921665634626912029726772295855683","180039528865902641544979902937390293156","150894201314947685218659398085326463185","247168711585419387284883360734956304431","259954851331771414546839594935212947561","181189371768132502709086886598266580827","32830964378343325304109610718441944125","109397249449679003589181006586383226057","238165953028879001977921284023031322337","239808822552779414125607017816175416786","111510957775210277667436632969356236231","212708508222384534560503446598766847155","115419455924734461829589099314736281194","12729223600110911345623445160613884852","107989678609931950492204246501756882708","260928118046867730168350260999058048151","29178769816291715695478212850673987886","184954786133671830976896438004284615595","146835545390191456411925823945455502470","33158603333309345937165840096746272737","144440662019802877075626263617492032298","260116777355025482366584024617753373685"]},"deprecated":false,"id":"ASB-A-141745510-7c2394ec"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java","function":"addWindow"},"signature_type":"Function","digest":{"length":11726,"function_hash":"289033905442372113596197774409108073352"},"deprecated":false,"id":"ASB-A-141745510-baccc2fc"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e"],"severity":"High","spl":"2020-12-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-141745510.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-12-01"}]}],"versions":["9"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java","function":"addWindow"},"signature_type":"Function","digest":{"length":11726,"function_hash":"289033905442372113596197774409108073352"},"deprecated":false,"id":"ASB-A-141745510-6cc51360"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"core/java/android/app/Presentation.java","function":"Presentation"},"signature_type":"Function","digest":{"length":428,"function_hash":"16470296595748302751429615350403835435"},"deprecated":false,"id":"ASB-A-141745510-865c719f"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"core/java/android/app/Presentation.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["284739123596893706868441310605521816554","310910491252385827482529463668437167198","164078704569361445881907929766921961692","212498877347547688308971838242367858741","151668555048620502282814188416117780957","293800099826551194011851465065689510334","88104751500865165448568543323299979499","282737449069670697323443487352111097156","148747968208670788585632901034177801255","98801012437365175927273974576064122844","180933921665634626912029726772295855683","180039528865902641544979902937390293156","150894201314947685218659398085326463185","247168711585419387284883360734956304431","259954851331771414546839594935212947561","181189371768132502709086886598266580827","32830964378343325304109610718441944125","109397249449679003589181006586383226057","238165953028879001977921284023031322337","239808822552779414125607017816175416786","111510957775210277667436632969356236231","212708508222384534560503446598766847155","115419455924734461829589099314736281194","12729223600110911345623445160613884852","107989678609931950492204246501756882708","260928118046867730168350260999058048151","29178769816291715695478212850673987886","184954786133671830976896438004284615595","146835545390191456411925823945455502470","33158603333309345937165840096746272737","144440662019802877075626263617492032298","260116777355025482366584024617753373685"]},"deprecated":false,"id":"ASB-A-141745510-d79c89c9"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["234069422119696202154083242380740807887","191948924181362536245303968468935497427","75479889889848254181899260583783995296","214187471240762794777306020249339973221","119220530006493209690353392747817253960","267291635559972868242144434577681713842","237064503174190504491352634040300410073"]},"deprecated":false,"id":"ASB-A-141745510-e9fd4e87"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e"],"severity":"High","spl":"2020-12-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-141745510.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-12-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["234069422119696202154083242380740807887","191948924181362536245303968468935497427","75479889889848254181899260583783995296","214187471240762794777306020249339973221","119220530006493209690353392747817253960","267291635559972868242144434577681713842","237064503174190504491352634040300410073"]},"deprecated":false,"id":"ASB-A-141745510-5023bdb2"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"services/core/java/com/android/server/wm/WindowManagerService.java","function":"addWindow"},"signature_type":"Function","digest":{"length":11726,"function_hash":"289033905442372113596197774409108073352"},"deprecated":false,"id":"ASB-A-141745510-5c609d4e"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"core/java/android/app/Presentation.java","function":"Presentation"},"signature_type":"Function","digest":{"length":428,"function_hash":"16470296595748302751429615350403835435"},"deprecated":false,"id":"ASB-A-141745510-694e8bff"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e","signature_version":"v1","target":{"file":"core/java/android/app/Presentation.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["284739123596893706868441310605521816554","310910491252385827482529463668437167198","164078704569361445881907929766921961692","212498877347547688308971838242367858741","151668555048620502282814188416117780957","293800099826551194011851465065689510334","88104751500865165448568543323299979499","282737449069670697323443487352111097156","148747968208670788585632901034177801255","98801012437365175927273974576064122844","180933921665634626912029726772295855683","180039528865902641544979902937390293156","150894201314947685218659398085326463185","247168711585419387284883360734956304431","259954851331771414546839594935212947561","181189371768132502709086886598266580827","32830964378343325304109610718441944125","109397249449679003589181006586383226057","238165953028879001977921284023031322337","239808822552779414125607017816175416786","111510957775210277667436632969356236231","212708508222384534560503446598766847155","115419455924734461829589099314736281194","12729223600110911345623445160613884852","107989678609931950492204246501756882708","260928118046867730168350260999058048151","29178769816291715695478212850673987886","184954786133671830976896438004284615595","146835545390191456411925823945455502470","33158603333309345937165840096746272737","144440662019802877075626263617492032298","260116777355025482366584024617753373685"]},"deprecated":false,"id":"ASB-A-141745510-cec409ec"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e"],"severity":"High","spl":"2020-12-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-141745510.json"}}],"schema_version":"1.7.5"}