CVE-2021-40835

3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 47.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F-secure F-secure Mobile SecurityF-secure Safe
Timeline
PublishedDec 16
Latest updateDec 17

Description

An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no lon

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 2.1 | Impact: 2.5

Affected Packages2 packages

NVDf-secure/safe< 18.3
CVEListV5f-secure/f-secure_mobile_security18.318.5

🔴Vulnerability Details

2
GHSA
GHSA-75cm-2vvh-47g6: An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS2021-12-17
CVEList
URL Address Bar Spoofing in F-Secure SAFE Browser for iOS2021-12-16
CVE-2021-40835 (MEDIUM CVSS 4.3) | An URL Address bar spoofing vulnera | cvebase.io