CVE-2016-8508

MEDIUM

Yandex Browser <17.1.1.227 - Info Disclosure

Title source: llm

Description

Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96514

[Vendor Advisory] https://yandex.com/blog/security-changelogs/fixed-in-version-17-1

Scores

CVSS v3 6.5

EPSS 0.0025

EPSS Percentile 48.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-254

Status published

Affected Products (2)

yandex/yandex_browser < 17.1.1.227

Yandex N.V./Yandex Browser for desktop < before 17.1.1.227 for OSx and Windows

Timeline

Published Mar 01, 2017

Tracked Since Feb 18, 2026