19 matches found
CVE-2021-44751
The CVE describes a vulnerability in the F-Secure SAFE browser where a malicious website containing USSD code via JavaScript or an iframe can trigger the browser’s dialer. This could allow an attacker to send USSD messages or initiate calls. The impact notes that on most modern Androids the diale...
CVE-2021-44748
CVE-2021-44748 affects F-Secure SAFE Browser for Android. Connected CNVD entry describes a universal cross-site scripting vulnerability in the Android SAFE Browser, enabling remote JavaScript execution via image loading. The initial description also notes image loading and potential XSS with user...
CVE-2021-44749
F-Secure SAFE Browser Protection for Android is reported vulnerable to universal cross-site scripting due to improper URL handling in the SAFE browser protection module. The vulnerability could allow arbitrary code execution; user interaction is required for exploitation. Connected sources refere...
CVE-2022-28870
CVE-2022-28870 affects the F-Secure SAFE browser. The vulnerability allows address bar spoofing when navigation fails, enabling phishing via a malicious site. The CVSSv3.1 base score is 4.3 (Medium) with network attack vector, low attack complexity, no privileges, user interaction required. Publi...
CVE-2022-28869
CVE-2022-28869 affects F-Secure SAFE browser (Android in CVE records) where the browser does not display the full URL, such as the port number, enabling address-bar spoofing. This could allow phishing attacks via malicious sites exploiting the UI omission. The vulnerability description consistent...
CVE-2022-28872
CVE-2022-28872 describes a vulnerability in the F-Secure SAFE browser (Android variant) where a malicious site could trigger phishing via address bar spoofing if navigation fails in a loop. The issue is that the address bar is not correctly represented, enabling deception of the user. The availab...
CVE-2022-28873
CVE-2022-28873 describes a vulnerability in the F-Secure SAFE browser where an attacker could abuse the Javascript window.open functionality to perform an address bar spoofing attack. The NVD entry lists a CVSS v3.1 base score of 4.3 (Medium) with attack vector Network, no privileges, user intera...
CVE-2022-28868
CVE-2022-28868 describes an address bar spoofing vulnerability in F-Secure Safe Browser for Android . When a user visits a specially crafted malicious page/URL, they may briefly believe content is from a legitimate domain while it is served from an attacker-controlled site. The connected document...
CVE-2022-38164
CVE-2022-38164 affects the F-Secure SAFE browser for Android and iOS. The vulnerability allows a malicious website to perform a URL-spoofing phishing attack because the browser displays only a portion of the full URL, enabling misleading URLs. The connected sources do not provide concrete patch v...
CVE-2022-38163
The CVE-2022-38163 entry describes a drag-and-drop spoof vulnerability in F-Secure SAFE Browser for Android and iOS (versions = 19.0.1 or newer as applicable) and to avoid drag-and-drop actions on the address bar until patched. If details are updated (e.g., explicit exploit activity), they should...
CVE-2021-40835
CVE-2021-40835 affects F-Secure Safe Browser for iOS. The issue is an URL address bar spoofing vulnerability where a specially crafted URL with an extremely long username part can mislead users into thinking content comes from a valid domain. The described root cause is that the username portion ...
CVE-2019-11644
The CVE-2019-11644 entry describes a local privilege escalation in the Windows installers for F-Secure products (SAFE for Windows before 17.6; Internet Security before 17.6; Anti-Virus before 17.6; Client Security Standard/Premium before 14.10; PSB Workstation Security before 12.01; Computer Prot...
CVE-2021-33595
Affected product. Safe Browser for iOS (F-Secure Safe Browser). Issue. Address bar spoofing: the address bar shows a legitimate URL while loading content from another domain, causing users to believe the content is from a trusted site. Root cause (as described). A mismatch between displayed URL a...
CVE-2020-14977
The CVE affects F-Secure SAFE 17.7 on macOS. The vulnerability arises because XPC services identify connecting clients by PID, enabling a PID reuse attack that lets an attacker connect to a privileged XPC service and execute privileged commands, provided the attacker already compromised the machi...
CVE-2022-47524
CVE-2022-47524 affects F-Secure SAFE Browser on Android (version 19.1 prior to 19.2). The issue is an IDN homograph attack that could enable spoofing of legitimate domains. Root cause is the handling of Internationalized Domain Names allowing homogeneous-looking characters to pass validation, ena...
CVE-2020-14978
CVE-2020-14978 affects F-Secure SAFE 17.7 on macOS. The root cause is incorrect client version verification, enabling an attacker who already has code execution on a machine to connect to a privileged XPC service and execute privileged commands. The attack requires prior compromise and grants hig...
CVE-2021-33596
Summary of CVE-2021-33596 findings : The vulnerability is described as a UI spoofing issue in which the browser shows a legitimate URL in the address bar while content is loaded from a different domain. Exploitation requires the user to click on a specially crafted URL containing an embedded mali...
CVE-2021-40834
CVE-2021-40834 is an UI overlay vulnerability in F‑Secure SAFE Browser for Android. A specially crafted URL can cause the browser to go full screen and hide the user interface, enabling a spoofing attack by a remote attacker. Documented impact is spoofing; CVSS v3.1 vector indicates Network attac...
CVE-2021-33594
CVE-2021-33594 documents an address bar spoofing vulnerability in Safe Browser for Android. The vulnerability allows a remote attacker to present a legitimate-looking URL in the address bar while loading content from a different domain in a window, effectively deceiving users. Reported consistent...