Vulnerabilities in the browser of F-Secure SAFE for Android could allow execution of JavaScript.
STATUS: Fixed
RISK LEVEL: Medium
FIX: A fix has been released in the automatic update channel since 18 February 2022. No user action is required if automatic update is enabled.
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser.
User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
User interaction is required prior to exploitation.
F-Secure Corporation would like to thank Kirtikumar Anandrao Ramchandani for bringing this issue to our attention.
Date Issued: 03-Mar-2022