Security Advisories
CVE-2021-44749: Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android
Description
Vulnerabilities in the browser protection of F-Secure SAFE for Android could allow remote attacker to steal user's sessions cookie.
STATUS: Fixed
RISK LEVEL: Medium
FIX: A fix has been released in the automatic update channel since 18 February 2022. No user action is required if automatic update is enabled.
Affected Products
- F-Secure SAFE Browser for Android Version 18.5
Platforms
- All supported platforms for the affected products
More Information
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
Mitigating factors
User interaction is required prior to exploitation.
Credits
F-Secure Corporation would like to thank Kirtikumar Anandrao Ramchandani for bringing this issue to our attention.
Date Issued: 03-Mar-2022