Lucene search

F-SecureUSCVELIST:CVE-2021-33594

HistoryAug 11, 2021 - 10:28 a.m.

CVE-2021-33594 F-Secure Safe browser for Android vulnerable to Address Bar Spoofing

2021-08-1110:28:33

F-SecureUS

www.cve.org

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.1%

JSON

An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.

CNA Affected

[
  {
    "platforms": [
      "Android"
    ],
    "product": "F-Secure Mobile Security",
    "vendor": "F-Secure",
    "versions": [
      {
        "lessThan": "18.3x*",
        "status": "affected",
        "version": "18.4x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame

www.f-secure.com/en/business/support-and-downloads/security-advisories

www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33594

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for CVELIST:CVE-2021-33594