Security changelogs

Fixed in version 16.2

26 October 2016, 09:05

CVE-2016-8502: Evgeny Sukhov

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2.0 could be used by a remote attacker for brute forcing passwords from important web-resource (without opportunity of getting login or important resource's address) with special JavaScript-code.

CVE-2016-8506: Thereissuchname

XSS in Yandex Browser's Translator in Yandex Browser for desktop for versions from 15.12.0 to 16.2.0 could be used by a remote attacker for evaluation arbitrary JavaScript-code.