Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.
[
{
"product": "Yandex Browser",
"vendor": "Yandex N.V.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 16.9.0"
}
]
}
]