Yandex Browser Anti-phishing Vulnerability Exposes Users to Brute Force Attacks
CVE-2016-8502

7.3HIGH

Key Information:

Vendor: Yandex N.v.
Status: Yandex Browser For Desktop
Vendor: CVE Published:; 26 October 2016

🔔 Create Yandex N.v. Vulnerability Alert

What is CVE-2016-8502?

A security flaw in Yandex Browser's anti-phishing feature, present in versions 15.12.0 to 16.2, could allow remote attackers to exploit this vulnerability by using specially crafted JavaScript. This could lead to unauthorized password brute-force attempts on critical web resources, posing a significant risk to user accounts and sensitive information.

Affected Version(s)

Yandex Browser for desktop 15.12.0 to 16.2 for Windows and OSx.

References

http://www.securityfocus.com/bid/93923

vdb-entryx_refsource_BID

https://browser.yandex.com/security/changelogs/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2016
Vulnerability Reserved
Oct 7, 2016

JSON