Keita Haga

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 9 **Description** The issue is related to errors in security settings, allowing a remote attacker to exploit it and potentially spoof the relationship between URLs and web content. This can be achieved via a crafted window opener on a web site, enabling the attacker to substitute the content of web pages. **Recommendations** For versions prior to 9, update to version 9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the window opener feature on web sites until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Yahoo! Browser application version 1.4.4 and earlier **Description** The issue allows remote attackers to spoof the address bar via vectors related to URL display. **Recommendations** For Yahoo! Browser application version 1.4.4 and earlier, update to a version later than 1.4.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sleipnir Mobile application versions 2.9.1 and earlier Sleipnir Mobile Black Edition application versions 2.9.1 and earlier **Description** The issue allows remote attackers to spoof the address bar via vectors involving the opening of a new window. **Recommendations** For Sleipnir Mobile application versions 2.9.1 and earlier, update to a version later than 2.9.1. For Sleipnir Mobile Black Edition application versions 2.9.1 and earlier, update to a version later than 2.9.1.

**Name of the Vulnerable Software and Affected Versions** Yahoo! Browser version prior to 1.4.3 **Description** The issue allows remote attackers to spoof the address bar via a crafted web site. **Recommendations** For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sleipnir Mobile application versions 2.8.0 and earlier Sleipnir Mobile Black Edition application versions 2.8.0 and earlier **Description** The issue allows remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page. **Recommendations** For Sleipnir Mobile application versions 2.8.0 and earlier, consider restricting access to Extension APIs until a patch is available. For Sleipnir Mobile Black Edition application versions 2.8.0 and earlier, consider restricting access to Extension APIs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sleipnir versions 4.0.0.4000 and earlier **Description** The issue allows remote attackers to spoof the SSL lock icon and address-bar colors. **Recommendations** For versions 4.0.0.4000 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Yahoo! Toolbar versions 1.0.0.5 and earlier for Chrome and Safari **Description** The issue allows remote attackers to modify the configured search URL and intercept search terms via a crafted web page. **Recommendations** For Yahoo! Toolbar versions 1.0.0.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.