Vulnerabilities > CVE-2016-8508 - 7PK - Security Features vulnerability in Yandex Browser

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

yandex

CWE-254

NVD

Published: 2017-03-01

Updated: 2017-03-04

Summary

Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.

Vulnerable Configurations

Part	Description	Count
Application	Yandex Yandex Yandex Browser - Yandex Yandex Browser 15.2.2214.3645 Yandex Yandex Browser 15.4.2272.3429 Yandex Yandex Browser 15.6.2311.5029 Yandex Yandex Browser 15.10 Yandex Yandex Browser 15.10.2454.3845 Yandex Yandex Browser 15.12 Yandex Yandex Browser 15.12.0 Yandex Yandex Browser 15.12.0.6151 Yandex Yandex Browser 15.12.1.6475 Yandex Yandex Browser 16.2 Yandex Yandex Browser 16.2.0.3539 Yandex Yandex Browser 16.4.0.9335 Yandex Yandex Browser 16.4.0.9404 Yandex Yandex Browser 16.6 Yandex Yandex Browser 16.6.0.8810 Yandex Yandex Browser 16.6.1.9652 Yandex Yandex Browser 16.6.1.30165 Yandex Yandex Browser 16.7.0 Yandex Yandex Browser 16.7.0.2777 Yandex Yandex Browser 16.7.0.3342 Yandex Yandex Browser 16.7.1.2912 Yandex Yandex Browser 16.7.1.20808 Yandex Yandex Browser 16.9 Yandex Yandex Browser 16.9.0 Yandex Yandex Browser 16.9.0.1424 Yandex Yandex Browser 16.9.1.1131 Yandex Yandex Browser 16.9.1.1616 Yandex Yandex Browser 16.10 Yandex Yandex Browser 16.10.0.1326 Yandex Yandex Browser 16.10.0.2357 Yandex Yandex Browser 16.10.1.1443 Yandex Yandex Browser 16.10.2.1487 Yandex Yandex Browser 16.11.0.649 Yandex Yandex Browser 17.1 Yandex Yandex Browser 17.1.0.412	42

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References