Insufficient Security Warnings in Yandex Browser for Desktop
CVE-2016-8508

6.5MEDIUM

Key Information:

Vendor: Yandex N.v.
Status: Yandex Browser For Desktop
Vendor: CVE Published:; 1 March 2017

🔔 Create Yandex N.v. Vulnerability Alert

What is CVE-2016-8508?

A vulnerability exists in Yandex Browser for desktop versions prior to 17.1.1.227, where the browser fails to display necessary security warnings for certain web content types. This flaw can be exploited by malicious actors to create websites that evade security notifications, potentially leading users to interact with harmful sites without appropriate warning. The issue has been addressed in version 17.1.1.227 and later.

Affected Version(s)

Yandex Browser for desktop before 17.1.1.227 for OSx and Windows

References

http://www.securityfocus.com/bid/96514

vdb-entryx_refsource_BID

https://yandex.com/blog/security-changelogs/fixed-in-vers...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2017
Vulnerability Reserved
Oct 7, 2016

JSON