Address Bar Spoofing Vulnerability in Yandex Browser
CVE-2017-7325

7.5HIGH

Key Information:

Vendor: Yandex N.v.
Status: Yandex Browser
Vendor: CVE Published:; 19 January 2018

🔔 Create Yandex N.v. Vulnerability Alert

What is CVE-2017-7325?

A vulnerability in Yandex Browser prior to version 16.9.0 allows remote attackers to exploit the window.open functionality, potentially leading to address bar spoofing. This issue can mislead users by displaying a deceptive URL in the browser's address bar while navigating to malicious sites. Users of affected versions are encouraged to update their browsers to ensure protection against this type of attack. For more detailed information, refer to the official Yandex security changelogs.

Affected Version(s)

Yandex Browser All versions prior to version 16.9.0

References

https://browser.yandex.com/security/changelogs/fixed-in-v...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2018
Vulnerability Reserved
Mar 30, 2017

JSON