CSRF Vulnerability in Yandex Browser for Desktop
CVE-2016-8504

4.3MEDIUM

Key Information:

Vendor: Yandex N.v.
Status: Yandex Browser For Desktop
Vendor: CVE Published:; 26 October 2016

🔔 Create Yandex N.v. Vulnerability Alert

What is CVE-2016-8504?

A Cross-Site Request Forgery vulnerability exists in Yandex Browser for desktop versions earlier than 16.6. This vulnerability can be exploited by an attacker to initiate unauthorized actions on behalf of a user, potentially allowing for the theft of sensitive data stored in the browser profile. Users are advised to update their Yandex Browser to the latest version to mitigate the risk associated with this security flaw.

Affected Version(s)

Yandex Browser for desktop before 16.6 for OSx and Windows

References

http://www.securityfocus.com/bid/93924

vdb-entryx_refsource_BID

https://browser.yandex.com/security/changelogs/

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2016
Vulnerability Reserved
Oct 7, 2016

JSON