CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28869 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28869
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number. Se ha detectado una vulnerabilidad que afectaba al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podía realizar un ataque de phishing con suplantación de la barra de direcciones, ya que el navegador no mostraba la URL completa, como el número de puerto • https://www.f-secure.com/en/home/support/security-advisories https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28869 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28868 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28868
An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site. Se ha detectado una vulnerabilidad de suplantación de la barra de direcciones en Safe Browser para Android. Cuando el usuario hace clic en una página web/URL maliciosa especialmente diseñada, el usuario puede ser engañado durante un corto período de tiempo (hasta que la página es cargada) para pensar que el contenido puede venir de un dominio válido, mientras que el contenido proviene del sitio controlado por el atacante • https://www.f-secure.com/en/home/support/security-advisories https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28868 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28870 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28870
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podía realizar un ataque de phishing con suplantación de la barra de direcciones, ya que ésta no era correcta si fallaba la navegación • https://www.f-secure.com/en/home/support/security-advisories https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28870 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44751 – F-Secure SAFE Browser vulnerable to USSD attacks
https://notcve.org/view.php?id=CVE-2021-44751
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE anterior al 22 de marzo de 2022. Un sitio web diseñado de forma maliciosa y adjunto con código USSD en JavaScript o iFrame puede desencadenar la aplicación de marcador del navegador F-Secure, que puede ser explotada por un atacante para enviar mensajes USSD no deseados o llevar a cabo llamadas no deseadas. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame • CWE-276: Incorrect Default Permissions •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40835 – URL Address Bar Spoofing in F-Secure SAFE Browser for iOS
https://notcve.org/view.php?id=CVE-2021-40835
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories •