CVE-2016-8504

MEDIUM

Yandex Browser < 16.6 - Cross-Site Request Forgery in Synchronization Form

Title source: llm
STIX 2.1

Description

CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93924
Release Notes, Vendor Advisory x_refsource_confirm
https://browser.yandex.com/security/changelogs/

Scores

CVSS v3 4.3
EPSS 0.0056
EPSS Percentile 42.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE
CWE-352
Status published
Products (2)
yandex/yandex_browser < 16.6.1.30165
Yandex N.V./Yandex Browser for desktop before 16.6 for OSx and Windows
Published Oct 26, 2016
Tracked Since Feb 18, 2026