The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a…
mitre·CWE-1021·Published 2022-03-25
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site.
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site.
El navegador DuckDuckGo versión 7.64.4 en iOS, permite una Suplantación de la Barra de Direcciones debido al manejo inapropiado de la función JavaScript window.open (usada para abrir una ventana secundaria del navegador). Esto podría ser explotado al engañar a usuarios para que proporcionen información confidencial como credenciales, ya que la barra de direcciones mostraría una URL legítima, pero el contenido estaría alojado en el sitio web del atacante
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| 3.1 | Primary | NVD | 8.2 | 2.8 | 4.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N |