Browser
CVE-2016-9473
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.
AnalysisAI
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-451. Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. Affected products include: Brave Browser. Version information: before 1.2.18.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function han
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android
Same-Origin Policy bypass in Lightpanda headless browser before 0.3.1 allows an attacker-controlled site to impersonate
Cross-origin credential leakage in Lightpanda, a headless browser built for AI and automation workloads, occurs because
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote
Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in T
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. Rated medium severity
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today