Built-in MI browser (v10.5.6‐g)or the Mint browser (v1.5.3)
Attacker could easily trick Xiaomi users to think that they are visiting a trusted site but actually they are being served by a malicious or a phishing content.
The vulnerability is identified as CVE‐2019‐10875 and an attacker could spoof the browser address bar and that because of a logical flaw in the browser's interface. It is reported that affected browsers are not handling query parameter ("q") in the URLs properly. And it fails to display the HTTPs portion before the "?q=" substring in the address bar.
Since the security indicators such as HTTPs is not displayed properly in the address bar the flaw can used to easily trick Xiaomi users.
✦ Stealing sensitive information from the tricked user.
✦ Distributing malware.
✻ Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.
The information provided herein is on "as is" basis, without warranty of any kind.