CVE-2019-10875

Name of the Vulnerable Software and Affected Versions Xiaomi Mi browser version 10.5.6-g Mint Browser version 1.5.3

Description A URL spoofing issue was discovered due to the handling of the q query parameter in the affected browsers. Specifically, the portion of an https URL before the ?q= substring is not displayed to the user.

Recommendations For Xiaomi Mi browser version 10.5.6-g, update to a version that properly handles the q query parameter to prevent URL spoofing. For Mint Browser version 1.5.3, update to a version that correctly displays the entire https URL, including the portion before the ?q= substring, to mitigate the risk of URL spoofing. As a temporary workaround, consider avoiding the use of the q query parameter in the affected browsers until a patch is available.