CVE-2021-44683

CVSS v3 Score: 8.2 (High)
CVSS v2 Score: 5.8 (Medium)

Vulnerability Description

The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site.

CVSS:8.2(High)

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be b...

CVSS:8.1(High)

This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along ...

CVSS:8.1(High)

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be us...

CVSS:8.1(High)

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposi...

CVSS:8.1(High)

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with cr...