CVE-2022-28869: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in F-Secure SAFE browser that could enable phishing attacks through address bar spoofing. The vulnerability (CVE-2022-28869) was identified when the browser failed to display the complete URL, specifically omitting elements like port numbers. This security issue affected F-Secure SAFE browser for Android versions up to and including 18.6, and was disclosed on April 14, 2022 (F-Secure Advisory).

The vulnerability stems from an implementation flaw in the browser's URL display mechanism where it fails to show the complete URL in the address bar, particularly omitting port numbers. The issue has been assigned a CVSS v3.1 base score of 4.3 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating that it requires user interaction and can be exploited remotely without privileges (NVD).

The vulnerability could enable attackers to conduct phishing attacks by exploiting the incomplete URL display in the address bar. This could lead to users being misled about the actual destination of a webpage, potentially resulting in users unknowingly accessing malicious websites while believing they are on legitimate sites (F-Secure Advisory).

F-Secure released a fix through the automatic update channel on April 13, 2022. No user action is required as the update is delivered automatically. The vulnerability has been addressed in versions newer than 18.6 (F-Secure Advisory).