CVE-2021-33594: 
NixOS vulnerability analysis and mitigation

An address bar spoofing vulnerability was discovered in Safe Browser for Android. When a user clicks on a specially crafted malicious URL, it appears legitimate in the address bar while the content comes from another domain and is presented in a window covering the original content (NVD). This vulnerability was disclosed on August 11, 2021 and affects F-Secure SAFE Browser versions prior to 18.4.x on Android (CERT-FR).

The vulnerability allows an attacker to manipulate how URLs are displayed in the browser's address bar, creating a mismatch between the displayed URL and the actual source of the content. The attack involves crafting a special URL that, when clicked, shows a legitimate-looking URL in the address bar while loading content from a malicious domain. The vulnerability has been assigned a CVSS v3.1 base score with Network attack vector, Low attack complexity, Low privileges required, and User interaction required (NVD CNA Status).

A remote attacker can leverage this vulnerability to perform address bar spoofing attacks. This could lead to effective phishing attacks where users believe they are interacting with a legitimate website while actually viewing content from a malicious source (NVD).

Users should upgrade to F-Secure SAFE Browser version 18.4.x or later to address this vulnerability (CERT-FR).