Lucene search
K
F-secureSafe

19 matches found

CVE
CVE
added 2022/03/25 10:32 a.m.101 views

CVE-2021-44751

The CVE describes a vulnerability in the F-Secure SAFE browser where a malicious website containing USSD code via JavaScript or an iframe can trigger the browser’s dialer. This could allow an attacker to send USSD messages or initiate calls. The impact notes that on most modern Androids the diale...

5.3CVSS4.8AI score0.00553EPSS
CVE
CVE
added 2022/03/06 7:5 p.m.98 views

CVE-2021-44748

CVE-2021-44748 affects F-Secure SAFE Browser for Android. Connected CNVD entry describes a universal cross-site scripting vulnerability in the Android SAFE Browser, enabling remote JavaScript execution via image loading. The initial description also notes image loading and potential XSS with user...

6.1CVSS5.7AI score0.00525EPSS
CVE
CVE
added 2022/03/06 7:5 p.m.95 views

CVE-2021-44749

F-Secure SAFE Browser Protection for Android is reported vulnerable to universal cross-site scripting due to improper URL handling in the SAFE browser protection module. The vulnerability could allow arbitrary code execution; user interaction is required for exploitation. Connected sources refere...

9.6CVSS7.5AI score0.00767EPSS
CVE
CVE
added 2022/04/15 10:20 a.m.93 views

CVE-2022-28870

CVE-2022-28870 affects the F-Secure SAFE browser. The vulnerability allows address bar spoofing when navigation fails, enabling phishing via a malicious site. The CVSSv3.1 base score is 4.3 (Medium) with network attack vector, low attack complexity, no privileges, user interaction required. Publi...

4.3CVSS4.5AI score0.00444EPSS
CVE
CVE
added 2022/04/15 10:21 a.m.85 views

CVE-2022-28869

CVE-2022-28869 affects F-Secure SAFE browser (Android in CVE records) where the browser does not display the full URL, such as the port number, enabling address-bar spoofing. This could allow phishing attacks via malicious sites exploiting the UI omission. The vulnerability description consistent...

4.3CVSS4.5AI score0.00444EPSS
CVE
CVE
added 2022/05/12 11:16 a.m.85 views

CVE-2022-28872

CVE-2022-28872 describes a vulnerability in the F-Secure SAFE browser (Android variant) where a malicious site could trigger phishing via address bar spoofing if navigation fails in a loop. The issue is that the address bar is not correctly represented, enabling deception of the user. The availab...

8.8CVSS6.2AI score0.00456EPSS
CVE
CVE
added 2022/05/12 11:16 a.m.84 views

CVE-2022-28873

CVE-2022-28873 describes a vulnerability in the F-Secure SAFE browser where an attacker could abuse the Javascript window.open functionality to perform an address bar spoofing attack. The NVD entry lists a CVSS v3.1 base score of 4.3 (Medium) with attack vector Network, no privileges, user intera...

4.3CVSS4.5AI score0.00529EPSS
CVE
CVE
added 2022/04/15 10:21 a.m.82 views

CVE-2022-28868

CVE-2022-28868 describes an address bar spoofing vulnerability in F-Secure Safe Browser for Android . When a user visits a specially crafted malicious page/URL, they may briefly believe content is from a legitimate domain while it is served from an attacker-controlled site. The connected document...

4.3CVSS4.5AI score0.00527EPSS
CVE
CVE
added 2022/11/07 12:0 a.m.82 views

CVE-2022-38164

CVE-2022-38164 affects the F-Secure SAFE browser for Android and iOS. The vulnerability allows a malicious website to perform a URL-spoofing phishing attack because the browser displays only a portion of the full URL, enabling misleading URLs. The connected sources do not provide concrete patch v...

6.5CVSS6AI score0.00435EPSS
CVE
CVE
added 2022/11/07 12:0 a.m.67 views

CVE-2022-38163

The CVE-2022-38163 entry describes a drag-and-drop spoof vulnerability in F-Secure SAFE Browser for Android and iOS (versions = 19.0.1 or newer as applicable) and to avoid drag-and-drop actions on the address bar until patched. If details are updated (e.g., explicit exploit activity), they should...

3.5CVSS3.8AI score0.00547EPSS
CVE
CVE
added 2021/12/16 10:58 a.m.64 views

CVE-2021-40835

CVE-2021-40835 affects F-Secure Safe Browser for iOS. The issue is an URL address bar spoofing vulnerability where a specially crafted URL with an extremely long username part can mislead users into thinking content comes from a valid domain. The described root cause is that the username portion ...

4.6CVSS4.4AI score0.00705EPSS
CVE
CVE
added 2019/05/17 8:5 p.m.63 views

CVE-2019-11644

The CVE-2019-11644 entry describes a local privilege escalation in the Windows installers for F-Secure products (SAFE for Windows before 17.6; Internet Security before 17.6; Anti-Virus before 17.6; Client Security Standard/Premium before 14.10; PSB Workstation Security before 12.01; Computer Prot...

7.8CVSS7.6AI score0.01349EPSS
CVE
CVE
added 2021/08/11 10:28 a.m.59 views

CVE-2021-33595

Affected product. Safe Browser for iOS (F-Secure Safe Browser). Issue. Address bar spoofing: the address bar shows a legitimate URL while loading content from another domain, causing users to believe the content is from a trusted site. Root cause (as described). A mismatch between displayed URL a...

3.5CVSS3.9AI score0.01075EPSS
CVE
CVE
added 2020/06/23 7:2 p.m.57 views

CVE-2020-14977

The CVE affects F-Secure SAFE 17.7 on macOS. The vulnerability arises because XPC services identify connecting clients by PID, enabling a PID reuse attack that lets an attacker connect to a privileged XPC service and execute privileged commands, provided the attacker already compromised the machi...

9.3CVSS8.2AI score0.028EPSS
CVE
CVE
added 2022/12/23 12:0 a.m.55 views

CVE-2022-47524

CVE-2022-47524 affects F-Secure SAFE Browser on Android (version 19.1 prior to 19.2). The issue is an IDN homograph attack that could enable spoofing of legitimate domains. Root cause is the handling of Internationalized Domain Names allowing homogeneous-looking characters to pass validation, ena...

5.4CVSS5.5AI score0.00353EPSS
CVE
CVE
added 2020/06/23 7:1 p.m.53 views

CVE-2020-14978

CVE-2020-14978 affects F-Secure SAFE 17.7 on macOS. The root cause is incorrect client version verification, enabling an attacker who already has code execution on a machine to connect to a privileged XPC service and execute privileged commands. The attack requires prior compromise and grants hig...

9.3CVSS8.2AI score0.03114EPSS
CVE
CVE
added 2021/08/05 7:26 p.m.52 views

CVE-2021-33596

Summary of CVE-2021-33596 findings : The vulnerability is described as a UI spoofing issue in which the browser shows a legitimate URL in the address bar while content is loaded from a different domain. Exploitation requires the user to click on a specially crafted URL containing an embedded mali...

4.1CVSS4.1AI score0.00797EPSS
CVE
CVE
added 2021/12/10 1:38 p.m.52 views

CVE-2021-40834

CVE-2021-40834 is an UI overlay vulnerability in F‑Secure SAFE Browser for Android. A specially crafted URL can cause the browser to go full screen and hide the user interface, enabling a spoofing attack by a remote attacker. Documented impact is spoofing; CVSS v3.1 vector indicates Network attac...

4.3CVSS4.5AI score0.00727EPSS
CVE
CVE
added 2021/08/11 10:28 a.m.44 views

CVE-2021-33594

CVE-2021-33594 documents an address bar spoofing vulnerability in Safe Browser for Android. The vulnerability allows a remote attacker to present a legitimate-looking URL in the address bar while loading content from a different domain in a window, effectively deceiving users. Reported consistent...

3.5CVSS3.9AI score0.01075EPSS