← Back to CVEs

CVE-2021-33595

LOW

3.5

Description

A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack.

CVE Details

CVSS v3.1 Score3.5

SeverityLOW

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionREQUIRED

Published8/11/2021

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

f-secure:safe

References

https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame(cve-notifications-us@f-secure.com)

https://www.f-secure.com/en/business/support-and-downloads/security-advisories(cve-notifications-us@f-secure.com)

https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33595(cve-notifications-us@f-secure.com)

https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame(af854a3a-2127-422b-91ae-364da2661108)

https://www.f-secure.com/en/business/support-and-downloads/security-advisories(af854a3a-2127-422b-91ae-364da2661108)

https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33595(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.