16.2.0.3539

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

yandex

CWE-254

NVD

Published: 2016-10-26

Updated: 2016-12-02

Summary

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

Vulnerable Configurations

Part	Description	Count
Application	Yandex Yandex Yandex Browser 15.12.0.6151 Yandex Yandex Browser 15.12.1.6475 Yandex Yandex Browser 16.2.0.3539	3

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://www.securityfocus.com/bid/93923
https://browser.yandex.com/security/changelogs/