5 matches found
CVE-2017-20041
UC Browser 11.2.5.932 is affected by CVE-2017-20041 due to the HTML Handler: manipulation of the title argument leads to improper restriction of rendered UI layers (URL). The issue is exploitable remotely and the exploit has been disclosed publicly. No patch/version remediation details are provid...
CVE-2019-10250
Summary (CVE-2019-10250) : UCWeb UC Browser 7.0.185.1002 on Windows downloads certain PDF modules over HTTP, enabling man‑in‑the‑middle (MITM) attacks. Root cause: unencrypted HTTP module retrieval. Impact: potential confidentiality exposure via MITM. Exploitation details or active exploit status...
CVE-2020-7364
CVE-2020-7364 is a UI-based spoofing vulnerability in UCWeb UC Browser (Android) affecting version 13.0.8 and earlier. The root cause is a misrepresentation in the address bar, enabling an attacker to obfuscate the true source of data via JavaScript timing tricks, potentially causing a pop-up or ...
CVE-2020-7363
CVE-2020-7363 affects UCWeb UC Browser versions 13.0.8 and earlier, enabling UI/address-bar spoofing through JavaScript timing tricks that can mislead users about the page origin. Exploitation requires visiting a page hosting executable JavaScript; it can trigger in-browser content or popups that...
CVE-2019-10251
The CVE-2019-10251 entry concerns the UCWeb UC Browser on Android (pre-2020) that downloads modules tied to PDF/Office processing via libpicsel over HTTP. This insecure HTTP traffic enables man‑in‑the‑middle attacks against module downloads, exposing users to potential data interception or tamper...