Description
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Yandex Browser version 20.8.3 and prior versions, and was fixed in version 20.8.4 released October 1, 2020.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/
Scores
CVSS v3
4.3
EPSS
0.0098
EPSS Percentile
57.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-451
CWE-306
Status
published
Products (1)
yandex/yandex_browser
< 20.8.4
Published
Oct 20, 2020
Tracked Since
Feb 18, 2026