CVE-2022-28872: 
NixOS vulnerability analysis and mitigation

A vulnerability affecting F-Secure SAFE browser was discovered in May 2022 (CVE-2022-28872). The vulnerability allowed maliciously crafted websites to perform phishing attacks through address bar spoofing when navigation fails in a loop (NVD, CVE).

The vulnerability received a CVSS v3.1 base score of 8.8 (HIGH) from NVD with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while F-Secure assessed it as CVSS 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L. The vulnerability specifically affects the address bar functionality when navigation fails in a loop, potentially allowing attackers to spoof the displayed URL (NVD).

The vulnerability could enable attackers to conduct phishing attacks by spoofing the address bar, potentially leading to users being deceived about the website they are visiting. This could result in credential theft or other forms of social engineering attacks (NVD).

F-Secure has addressed this vulnerability through their security advisory channels. Users should ensure they are using the latest version of the F-Secure SAFE browser (F-Secure Advisory).