
CVE-2020-7363

Published: 20/10/2020 Updated: 28/10/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows a malicious user to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.

Vulnerable Product

ucweb uc browser

Recent Articles

JavaScript-based address bar spoofing vulns patched in Safari, Yandex, Opera
The Register • Gareth Corfield • 24 Oct 2020

Are you where you think you are, or are you where I want you to think you are?

Rapid7 found Apple’s Safari browser, as well as the Opera Mini and Yandex browsers, were vulnerable to JavaScript-based address bar spoofing. The infosec outfit, along with its “longtime mobile hacker friend Rafay Baloch,” discovered the software could be tricked into displaying the URL of one website while loading and displaying content from another. Such trickery is useful to, among others, thieves and fraudsters who might want to replace a bank’s online login page with one designed to...