[Japanese]

JVNDB-2013-000045

Yahoo! Browser vulnerable to address bar spoofing

Overview

Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed.
Note that this vulnerability is different from JVN#55074201.

Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


Yahoo Japan Corporation
  • Yahoo! Browser v1.4.4 and earlier

Impact

This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.
Vendor Information

Yahoo Japan Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2013-2316
References

  1. JVN : JVN#31817913
  2. National Vulnerability Database (NVD) : CVE-2013-2316
Revision History

[2013/05/27]
  Web page was published