F-Secure Safe Browser Address Bar clickjacking

EntryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, has been found in F-Secure Safe Browser (unknown version). This issue affects some unknown processing of the component Address Bar Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	05/12/2022 04:25 PM	05/14/2022 05:56 PM	05/14/2022 06:04 PM
vendor	F-Secure	F-Secure	F-Secure
name	Safe Browser	Safe Browser	Safe Browser
component	Address Bar Handler	Address Bar Handler	Address Bar Handler
cwe	451 (privilege escalation)	451 (privilege escalation)	451 (privilege escalation)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rc	C	C	C
url	https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28873	https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28873	https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28873
cve	CVE-2022-28873	CVE-2022-28873	CVE-2022-28873
cve_assigned	1649368800	1649368800	1649368800
date	1652306400 (05/12/2022)	1652306400 (05/12/2022)	1652306400 (05/12/2022)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	7.5	7.5	7.5
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.3	6.3	6.3
cvss3_meta_basescore	6.3	6.3	5.3
cvss3_meta_tempscore	6.3	6.3	5.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks.	A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks.
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			H
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			F-Secure
cvss3_cna_basescore			4.3

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!