CVE-2021-40834

CWE-1021: Clickjacking (3 documents, 3 sources)
Severity: 4.3 MEDIUM
EPSS: 0.2% (top 57.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 10
Latest update: Dec 11

Description

A user interface overlay vulnerability was discovered in F-Secure SAFE Browser for Android. When a user clicks on a specially crafted, seemingly legitimate URL, SAFE Browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform a spoofing attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Exploitability: 0.9 | Impact: 3.4

Affected Packages (2 packages)

NVD: f-secure/safe 17.9
CVEListV5: f-secure/f-secure_mobile_security 18.5x17.9*

🔴 Vulnerability Details (2)

GHSA: GHSA-39jf-9gqp-rjmj: A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android (2021-12-11)
CVEList: User interface Spoofing in F-Secure SAFE browser for Android (2021-12-10)
CVE-2021-40834 (MEDIUM CVSS 4.3) | A user interface overlay vulnerabil | cvebase.io