CVE-2016-9473 Information

Description

Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Reference

http://www.securityfocus.com/bid/97155 https://cxsecurity.com/issue/WLB-2017010042 https://github.com/brave/browser-ios/pull/504 https://hackerone.com/reports/175958

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.7