Security Advisories

CVE-2021-44748: Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser for Android

Description

Vulnerabilities in the browser of F-Secure SAFE for Android could allow execution of JavaScript. 

STATUS: Fixed

RISK LEVEL: Medium

FIX: A fix has been released in the automatic update channel since 18 February 2022. No user action is required if automatic update is enabled.

Affected Products

  • F-Secure SAFE Browser for Android Version 18.5

Platforms

  • All supported platforms for the affected products

More Information

A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser.

User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. 

This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Mitigating factors

User interaction is required prior to exploitation.

Credits

F-Secure Corporation would like to thank Kirtikumar Anandrao Ramchandani for bringing this issue to our attention.

Date Issued: 03-Mar-2022