F Secure Safe
By the Year
In 2024 there have been 0 vulnerabilities in F Secure Safe . Safe did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 11 | 5.67 |
2021 | 5 | 3.94 |
2020 | 0 | 0.00 |
2019 | 1 | 7.80 |
2018 | 0 | 0.00 |
It may take a day or so for new Safe vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent F Secure Safe Security Vulnerabilities
F-Secure SAFE Browser 19.1 before 19.2 for Android
CVE-2022-47524
5.4 - Medium
- December 23, 2022
F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack.
WithSecure through 2022-08-10
CVE-2022-38164
6.5 - Medium
- November 07, 2022
WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5).
A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below
CVE-2022-38163
3.5 - Low
- November 07, 2022
A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.
A vulnerability affecting F-Secure SAFE browser was discovered
CVE-2022-28872
8.8 - High
- May 12, 2022
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop.
A vulnerability affecting F-Secure SAFE browser was discovered
CVE-2022-28873
4.3 - Medium
- May 12, 2022
A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks.
An Address bar spoofing vulnerability was discovered in Safe Browser for Android
CVE-2022-28868
4.3 - Medium
- April 15, 2022
An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site.
A vulnerability affecting F-Secure SAFE browser was discovered
CVE-2022-28869
4.3 - Medium
- April 15, 2022
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number.
A vulnerability affecting F-Secure SAFE browser was discovered
CVE-2022-28870
4.3 - Medium
- April 15, 2022
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails.
A vulnerability affecting F-Secure SAFE browser was discovered
CVE-2021-44751
5.3 - Medium
- March 25, 2022
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction.
Incorrect Default Permissions
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability
CVE-2021-44748
6.1 - Medium
- March 06, 2022
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability.
XSS
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling
CVE-2021-44749
9.6 - Critical
- March 06, 2022
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution.
XSS
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS
CVE-2021-40835
4.3 - Medium
- December 16, 2021
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar.
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android
CVE-2021-40834
4.3 - Medium
- December 10, 2021
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack.
Clickjacking
An address bar spoofing vulnerability was discovered in Safe Browser for Android
CVE-2021-33594
3.5 - Low
- August 11, 2021
An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.
A address bar spoofing vulnerability was discovered in Safe Browser for iOS
CVE-2021-33595
3.5 - Low
- August 11, 2021
A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack.
Showing the legitimate URL in the address bar while loading the content from other domain
CVE-2021-33596
4.1 - Medium
- August 05, 2021
Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.
Clickjacking
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user
CVE-2019-11644
7.8 - High
- May 17, 2019
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
DLL preloading
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for F Secure Safe or by F Secure? Click the Watch button to subscribe.