Yahoo! Browser vulnerable to address bar spoofing


Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed.
Note that this vulnerability is different from JVN#55074201.

Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

Yahoo Japan Corporation
  • Yahoo! Browser v1.4.4 and earlier


This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks.

[Update the software]
Update to the latest version according to the information provided by the developer.
Vendor Information

Yahoo Japan Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2013-2316

  1. JVN : JVN#31817913
  2. National Vulnerability Database (NVD) : CVE-2013-2316
Revision History

  Web page was published