Headline
CVE-2022-28873: Security advisories | F-Secure
A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks.
CVE ID DATE ISSUED ADVISORY TITLE AFFECTED PRODUCTS CVE-2022-28873
12-May-2022 Multiple Address Bar Spoofing Vulnerabilities in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 19.0 and below CVE-2022-28872
12-May-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 19.0 and below CVE-2022-28871 25-Apr-2022 Denial-of-Service (DoS) Vulnerability All F-Secure endpoint protection products on Windows and Mac CVE-2022-28870 14-Apr-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 18.6 and below CVE-2022-28869 14-Apr-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 18.6 and below CVE-2022-28868 14-Apr-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 18.6 and below CVE-2021-44751 25-Mar-2022 F-Secure SAFE Browser vulnerable to USSD attacks F-Secure SAFE Browser for Android Version 18.5 and below CVE-2021-44750 09-Mar-2022 Arbitrary Code Execution F-Secure FREEDOME VPN, F-Secure SAFE, F-Secure KEY, and F-Secure Internet Security/Anti-Virus CVE-2021-44749 03-Mar-2022 Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android F-Secure SAFE Browser for Android Version 18.5 CVE-2021-44748 03-Mar-2022 Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android F-Secure SAFE Browser for Android Version 18.5
Related news
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop.