16.9.1.1131

CVSS 7.3 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

yandex

CWE-254

NVD

Published: 2016-10-26

Updated: 2016-12-02

Summary

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

Vulnerable Configurations

Part	Description	Count
Application	Yandex Yandex Yandex Browser 16.9.1.1131 Yandex Yandex Browser 16.7.0.3342 Yandex Yandex Browser 16.7.1.20808	3

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

https://browser.yandex.com/security/changelogs/
http://www.securityfocus.com/bid/93921