PT-2020-20392 · Opensearch · Opensearch Web Browser
Published
2020-06-08
·
Updated
2020-06-11
·
CVE-2020-8954
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
OpenSearch Web browser version 1.0.4.9
Description
The issue allows Intent Scheme Hijacking, where a link that opens another app in the browser can be manipulated.
Recommendations
For OpenSearch Web browser version 1.0.4.9, consider restricting the use of intent schemes to minimize the risk of exploitation until a patch is available.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opensearch Web Browser