16.2.0.3539

CVSS 7.3 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

yandex

CWE-254

NVD

Published: 2016-10-26

Updated: 2016-12-02

Summary

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

Vulnerable Configurations

Part	Description	Count
Application	Yandex Yandex Yandex Browser 16.2.0.3539 Yandex Yandex Browser 15.12.1.6475 Yandex Yandex Browser 15.12.0.6151	3

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

https://browser.yandex.com/security/changelogs/
http://www.securityfocus.com/bid/93923