PT-2020-19578 · Rits+1 · Rits Browser+1

Rafay Baloch

Published

2020-10-20

Updated

2020-10-29

CVE-2020-7371

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Yandex Browser versions prior to 3.3.9 RITS Browser version 3.3.9 and prior versions

Description The issue is related to the User Interface (UI) Misrepresentation of Critical Information in the address bar, allowing an attacker to hide the true source of data.

Recommendations For Yandex Browser versions prior to 3.3.9, update to a version newer than 3.3.9 to resolve the issue. For RITS Browser version 3.3.9 and prior versions, update to a version newer than 3.3.9 to resolve the issue.

Exploit

Fix

Clickjacking

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021CWE-451

Related Identifiers

CVE-2020-7371

Affected Products

Rits Browser

Yandex Browser

PT-2020-19578 · Rits+1 · Rits Browser+1

CVE-2020-7371

Weakness Enumeration

Related Identifiers

Affected Products

References · 4