#VU55851 Improper Restriction of Rendered UI Layers or Frames in F-Secure Safe Browser - CVE-2021-33596

Cybersecurity Help s.r.o.

Published: 2021-08-13

Vulnerability identifier: #VU55851

Vulnerability risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-33596

CWE-ID: CWE-1021

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
F-Secure Safe Browser
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: F-Secure

Description

The vulnerability allows a remot attacker to compromise the target system.

The vulnerability exists due to showing the legitimate URL in the address bar while loading the content from other domain. A remote authenticated attacker can trick a victim to click on a specially crafted URL and make the user believe that the content is served by a legit domain .

Mitigation
Install updates from vendor's website.

Vulnerable software versions

F-Secure Safe Browser: 18.3.0

External links
https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame
https://www.f-secure.com/en/business/support-and-downloads/security-advisories
https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in F-Secure SAFE Browser