Vulnerabilities > CVE-2021-33596 - Improper Restriction of Rendered UI Layers or Frames vulnerability in F-Secure Safe

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

f-secure

CWE-1021

NVD

Published: 2021-08-05

Updated: 2021-08-12

Summary

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.

Vulnerable Configurations

Part	Description	Count
Application	F-Secure F Secure Safe *	1

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

References

https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame
https://www.f-secure.com/en/business/support-and-downloads/security-advisories
https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596