User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an malicious user to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ucweb uc browser |
Are you where you think you are, or are you where I want you to think you are? If you want to hijack widely used JavaScript packages, try phishing for devs through these DMARC-shaped holes in key Node.js domains
Rapid7 found Apple’s Safari browser, as well as the Opera Mini and Yandex browsers, were vulnerable to JavaScript-based address bar spoofing. The infosec outfit, along with its “longtime mobile hacker friend Rafay Baloch,” discovered the software could be tricked into displaying the URL of one website while loading and displaying content from another. Such trickery is useful to, among others, thieves and fraudsters who might want to replace a bank’s online login page with one designed to...