Vulnerability Description
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mi | Mi Browser | 10.5.6-g |
| Mi | Mint Browser | 1.5.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/152497/Xiaomi-Mi-Browser-Mint-Browser-URL-SThird Party AdvisoryVDB Entry
- https://sec.xiaomi.com/bug/5bedef67a31ec71ePermissions RequiredVendor Advisory
- https://thehackernews.com/2019/04/xiaomi-browser-vulnerability.htmlExploitThird Party Advisory
- https://www.andmp.com/2019/04/xiaomi-url-spoofing-w-ssl-vulnerability.htmlExploitThird Party Advisory
- http://packetstormsecurity.com/files/152497/Xiaomi-Mi-Browser-Mint-Browser-URL-SThird Party AdvisoryVDB Entry
- https://sec.xiaomi.com/bug/5bedef67a31ec71ePermissions RequiredVendor Advisory
- https://thehackernews.com/2019/04/xiaomi-browser-vulnerability.htmlExploitThird Party Advisory
- https://www.andmp.com/2019/04/xiaomi-url-spoofing-w-ssl-vulnerability.htmlExploitThird Party Advisory
FAQ
What is CVE-2019-10875?
CVE-2019-10875 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query paramet...
How severe is CVE-2019-10875?
CVE-2019-10875 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10875?
Check the references section above for vendor advisories and patch information. Affected products include: Mi Mi Browser, Mi Mint Browser.