Yandex Browser Anti-phishing Vulnerability Affects User Login Security
CVE-2016-8503

7.3HIGH

Key Information:

Vendor: Yandex N.v.
Status: Yandex Browser For Desktop
Vendor: CVE Published:; 26 October 2016

🔔 Create Yandex N.v. Vulnerability Alert

What is CVE-2016-8503?

A security issue has been identified in the Yandex Browser where the Anti-phishing warning mechanism can be exploited by remote attackers. This vulnerability enables the execution of specially crafted JavaScript code that may facilitate brute-force password attacks on key web resources. Users operating versions 16.7 to 16.9 of Yandex Browser are particularly vulnerable and should apply updates promptly to mitigate potential risks.

Affected Version(s)

Yandex Browser for desktop 16.7 to 16.9 for Windows and OSx.

References

http://www.securityfocus.com/bid/93921

vdb-entryx_refsource_BID

https://browser.yandex.com/security/changelogs/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2016
Vulnerability Reserved
Oct 7, 2016

JSON