cvedb.io
CVE-2021-40835
MEDIUM · CVSS 4.6
EPSS exploitation probability: 0%
Published 2021-12-16T11:15:07.977 · Last modified 2026-06-17T04:07:30.573

Summary

An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar.

Affected products

f-secure — safe

Does this affect you?

Add your gear to cvedb and we'll alert you only when f-secure ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.