Headline
CVE-2021-44748: CVE-2021-44748 | F-Secure
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability.
Security Advisories
CVE-2021-44748: Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser for Android
Description
Vulnerabilities in the browser of F-Secure SAFE for Android could allow execution of JavaScript.
STATUS: Fixed
RISK LEVEL: Medium
FIX: A fix has been released in the automatic update channel since 18 February 2022. No user action is required if automatic update is enabled.
Affected Products
- F-Secure SAFE Browser for Android Version 18.5
Platforms
- All supported platforms for the affected products.
More Information
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser.
User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
Mitigating factors
User interaction is required prior to exploitation.
Credits
F-Secure Corporation would like to thank Kirtikumar Anandrao Ramchandani for bringing this issue to our attention.