RSS   Vulnerabilities for 'Yandex browser'   RSS

2018-01-19
 
CVE-2017-7327

CWE-426
 

 
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.

 
 
CVE-2017-7326

CWE-362
 

 
Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page

 
2017-03-01
 
CVE-2016-8508

 

 
Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.

 
 
CVE-2016-8507

 

 
Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site.

 
2016-10-26
 
CVE-2016-8506

 

 
XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.

 
 
CVE-2016-8504

 

 
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.

 
 
CVE-2016-8503

 

 
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

 
 
CVE-2016-8502

 

 
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

 
 
CVE-2016-8501

 

 
Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.

 

 >>> Vendor: Yandex 6 Products
Yandex.server
Yandex.server 2010
Yandex browser
Yandex.browser
Tomita-parser
Clickhouse


Copyright 2019, cxsecurity.com

 

Back to Top