Address Bar Spoofing Vulnerability in Yandex Browser
CVE-2017-7325

7.5HIGH

Key Information:

Vendor: Yandex N.v.
Status: Yandex Browser
Vendor: CVE Published:; 19 January 2018

🔔 Create Yandex N.v. Vulnerability Alert

What is CVE-2017-7325?

A vulnerability in Yandex Browser prior to version 16.9.0 allows remote attackers to exploit the window.open functionality, potentially leading to address bar spoofing. This issue can mislead users by displaying a deceptive URL in the browser's address bar while navigating to malicious sites. Users of affected versions are encouraged to update their browsers to ensure protection against this type of attack. For more detailed information, refer to the official Yandex security changelogs.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Yandex Browser All versions prior to version 16.9.0

References

https://browser.yandex.com/security/changelogs/fixed-in-v...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2018
Vulnerability Reserved
Mar 30, 2017

JSON

Yandex N.v.

What is CVE-2017-7325?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.