Description
A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securitytracker.com/id/1037225
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/93901
Vendor Advisory x_refsource_confirm
https://support.symantec.com/us/en/article.symsa1384.html
Scores
CVSS v3
3.7
EPSS
0.0084
EPSS Percentile
74.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (1)
symantec/norton_mobile_security
< 3.16
Published
Jan 08, 2020
Tracked Since
Feb 18, 2026