CVE-2013-2307 : The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted w

The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site.

Published 2013-04-26 11:41:57

Updated 2013-04-29 04:00:00

Source JPCERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-2307

Probability of exploitation activity in the next 30 days: 0.16%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

https://play.google.com/store/apps/details?id=jp.co.yahoo.android.ybrowser

Yahoo!ブラウザー：自動でメモリを最適化 - Apps on Google Play

CVEs referencing this url
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000037

JVNDB-2013-000037 - JVN iPedia - 脆弱性対策情報データベース
http://jvn.jp/en/jp/JVN55074201/index.html

JVN#55074201: Yahoo! Browser vulnerable to address bar spoofing

Yahoo » Yahoo! Browser » For Android
Versions up to, including, (<=) 1.4.2
cpe:2.3:a:yahoo:yahoo\!_browser:*:-:*:*:*:android:*:*
Matching versions
Yahoo » Yahoo! Browser » Version: 1.2.0 For Android
cpe:2.3:a:yahoo:yahoo\!_browser:1.2.0:-:*:*:*:android:*:*
Matching versions