CVE-2022-28869 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28869
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number. Se ha detectado una vulnerabilidad que afectaba al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podía realizar un ataque de phishing con suplantación de la barra de direcciones, ya que el navegador no mostraba la URL completa, como el número de puerto • https://www.f-secure.com/en/home/support/security-advisories https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28869 •
CVE-2022-28868 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28868
An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site. Se ha detectado una vulnerabilidad de suplantación de la barra de direcciones en Safe Browser para Android. Cuando el usuario hace clic en una página web/URL maliciosa especialmente diseñada, el usuario puede ser engañado durante un corto período de tiempo (hasta que la página es cargada) para pensar que el contenido puede venir de un dominio válido, mientras que el contenido proviene del sitio controlado por el atacante • https://www.f-secure.com/en/home/support/security-advisories https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28868 •
CVE-2022-28870 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28870
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podía realizar un ataque de phishing con suplantación de la barra de direcciones, ya que ésta no era correcta si fallaba la navegación • https://www.f-secure.com/en/home/support/security-advisories https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28870 •
CVE-2021-44749 – Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android
https://notcve.org/view.php?id=CVE-2021-44749
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution. Se ha detectado una vulnerabilidad que afecta a la protección del navegador F-Secure SAFE. Un manejo inapropiado de las URLs puede causar una vulnerabilidad de tipo cross-site scripting universal mediante la protección de la navegación en un navegador web SAFE. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44749 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-44748 – Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2021-44748
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE por la que los navegadores cargan imágenes automáticamente esta vulnerabilidad puede ser explotada de forma remota por un atacante para ejecutar el JavaScript puede ser usado para desencadenar un ataque de tipo cross-site scripting universal mediante el navegador. Es requerida una interacción del usuario antes de la explotación, como entrar en un sitio web malicioso para desencadenar la vulnerabilidad • https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •