A adress bar spoof vulnerability was discovered is yandax android which was submmited responsiably to yandax, yandax awarded the report with 100$ and CVE id is still pending
OS: Andorid Yandex Version: 19.1.1
- Setup attached file on a server
- Run test3.html
- Click on the link
- The address bar will be spoofed with user interaction enabled