Vulnerability Description
A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F-Secure | Safe | < 18.4.272901 |
References
- https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-Vendor Advisory
- https://www.f-secure.com/en/business/support-and-downloads/security-advisoriesVendor Advisory
- https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cVendor Advisory
- https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-Vendor Advisory
- https://www.f-secure.com/en/business/support-and-downloads/security-advisoriesVendor Advisory
- https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cVendor Advisory
FAQ
What is CVE-2021-33595?
CVE-2021-33595 is a vulnerability with a CVSS score of 3.5 (LOW). A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that...
How severe is CVE-2021-33595?
CVE-2021-33595 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33595?
Check the references section above for vendor advisories and patch information. Affected products include: F-Secure Safe.