SB2016102623 - Multiple vulnerabilities in Yandex Browser




Published: October 26, 2016 Updated: August 9, 2020

Security Bulletin ID: SB2016102623
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 50%, Low: 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Cross-site scripting (CVE-ID: CVE-2016-8506)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

A cross-site scripting (XSS) flaw in the Yandex Browser Translator in Yandex Browser for desktop, versions 15.12 to 16.2, could be used by a remote attacker to evaluate arbitrary JavaScript code.


2) Security Features (CVE-ID: CVE-2016-8502)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Yandex Protect anti-phishing warning in Yandex Browser for desktop, from version 15.12.0 to 16.2, could be used by a remote attacker to brute-force passwords from an important web resource with special JavaScript.


Remediation

Install the update from the vendor's website.