Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for browser by brave

    CVE-2023-52263 (GCVE-0-2023-52263)

    Vulnerability from nvd – Published: 2023-12-30 00:00 – Updated: 2024-08-02 22:55
    VLAI
    Summary
    Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.626Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/brave/brave-browser/issues/32449"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/brave/brave-core/pull/19820"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/brave/brave-browser/issues/32473"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-30T18:59:42.915Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/brave/brave-browser/issues/32449"
            },
            {
              "url": "https://github.com/brave/brave-core/pull/19820"
            },
            {
              "url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"
            },
            {
              "url": "https://github.com/brave/brave-browser/issues/32473"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-52263",
        "datePublished": "2023-12-30T00:00:00.000Z",
        "dateReserved": "2023-12-30T00:00:00.000Z",
        "dateUpdated": "2024-08-02T22:55:41.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28364 (GCVE-0-2023-28364)

    Vulnerability from nvd – Published: 2023-06-30 23:20 – Updated: 2024-11-26 19:47
    VLAI
    Summary
    An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Brave Software Brave Browser Android Affected: 1.52.117 , < 1.52.117 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:24.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1946534"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28364",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:47:50.142320Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:47:59.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Brave Browser Android",
              "vendor": "Brave Software",
              "versions": [
                {
                  "lessThan": "1.52.117",
                  "status": "affected",
                  "version": "1.52.117",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T23:20:12.719Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/1946534"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2023-28364",
        "datePublished": "2023-06-30T23:20:12.719Z",
        "dateReserved": "2023-03-15T01:00:13.221Z",
        "dateUpdated": "2024-11-26T19:47:59.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22917 (GCVE-0-2021-22917)

    Vulnerability from nvd – Published: 2021-07-12 10:22 – Updated: 2024-08-03 18:58
    VLAI
    Summary
    Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.
    Severity
    No CVSS data available.
    CWE
    • CWE-200 - Information Disclosure (CWE-200)
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/1077022 x_refsource_MISC
    Impacted products
    Vendor Product Version
    n/a https://github.com/brave/brave-core Affected: Fixed in 1.20
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:58:26.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1077022"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "https://github.com/brave/brave-core",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in 1.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure (CWE-200)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-12T10:22:39.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1077022"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2021-22917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "https://github.com/brave/brave-core",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in 1.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure (CWE-200)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1077022",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1077022"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2021-22917",
        "datePublished": "2021-07-12T10:22:39.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:58:26.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1000461 (GCVE-0-2017-1000461)

    Vulnerability from nvd – Published: 2018-01-03 20:00 – Updated: 2024-09-17 02:56
    VLAI
    Summary
    Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:00:41.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2017-12-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Brave Software\u0027s Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-03T20:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2017-12-29",
              "ID": "CVE-2017-1000461",
              "REQUESTER": "psnyde2@uic.edu",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Brave Software\u0027s Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601",
                  "refsource": "MISC",
                  "url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000461",
        "datePublished": "2018-01-03T20:00:00.000Z",
        "dateReserved": "2018-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:56:48.911Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9473 (GCVE-0-2016-9473)

    Vulnerability from nvd – Published: 2017-03-28 02:46 – Updated: 2024-08-06 02:50
    VLAI
    Summary
    Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.
    Severity
    No CVSS data available.
    CWE
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information (CWE-451)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier Affected: Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier
    Date Public
    2017-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:50:38.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/brave/browser-ios/pull/504"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/issue/WLB-2017010042"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/175958"
              },
              {
                "name": "97155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-451",
                  "description": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-29T09:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/brave/browser-ios/pull/504"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2017010042"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/175958"
            },
            {
              "name": "97155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97155"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2016-9473",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/brave/browser-ios/pull/504",
                  "refsource": "MISC",
                  "url": "https://github.com/brave/browser-ios/pull/504"
                },
                {
                  "name": "https://cxsecurity.com/issue/WLB-2017010042",
                  "refsource": "MISC",
                  "url": "https://cxsecurity.com/issue/WLB-2017010042"
                },
                {
                  "name": "https://hackerone.com/reports/175958",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/175958"
                },
                {
                  "name": "97155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97155"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2016-9473",
        "datePublished": "2017-03-28T02:46:00.000Z",
        "dateReserved": "2016-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:50:38.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52263 (GCVE-0-2023-52263)

    Vulnerability from cvelistv5 – Published: 2023-12-30 00:00 – Updated: 2024-08-02 22:55
    VLAI
    Summary
    Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:55:41.626Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/brave/brave-browser/issues/32449"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/brave/brave-core/pull/19820"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/brave/brave-browser/issues/32473"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-30T18:59:42.915Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/brave/brave-browser/issues/32449"
            },
            {
              "url": "https://github.com/brave/brave-core/pull/19820"
            },
            {
              "url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"
            },
            {
              "url": "https://github.com/brave/brave-browser/issues/32473"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-52263",
        "datePublished": "2023-12-30T00:00:00.000Z",
        "dateReserved": "2023-12-30T00:00:00.000Z",
        "dateUpdated": "2024-08-02T22:55:41.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28364 (GCVE-0-2023-28364)

    Vulnerability from cvelistv5 – Published: 2023-06-30 23:20 – Updated: 2024-11-26 19:47
    VLAI
    Summary
    An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Brave Software Brave Browser Android Affected: 1.52.117 , < 1.52.117 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:24.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1946534"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28364",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:47:50.142320Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:47:59.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Brave Browser Android",
              "vendor": "Brave Software",
              "versions": [
                {
                  "lessThan": "1.52.117",
                  "status": "affected",
                  "version": "1.52.117",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T23:20:12.719Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/1946534"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2023-28364",
        "datePublished": "2023-06-30T23:20:12.719Z",
        "dateReserved": "2023-03-15T01:00:13.221Z",
        "dateUpdated": "2024-11-26T19:47:59.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22917 (GCVE-0-2021-22917)

    Vulnerability from cvelistv5 – Published: 2021-07-12 10:22 – Updated: 2024-08-03 18:58
    VLAI
    Summary
    Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.
    Severity
    No CVSS data available.
    CWE
    • CWE-200 - Information Disclosure (CWE-200)
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/1077022 x_refsource_MISC
    Impacted products
    Vendor Product Version
    n/a https://github.com/brave/brave-core Affected: Fixed in 1.20
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:58:26.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1077022"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "https://github.com/brave/brave-core",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in 1.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure (CWE-200)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-12T10:22:39.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1077022"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2021-22917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "https://github.com/brave/brave-core",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in 1.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure (CWE-200)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1077022",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1077022"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2021-22917",
        "datePublished": "2021-07-12T10:22:39.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:58:26.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1000461 (GCVE-0-2017-1000461)

    Vulnerability from cvelistv5 – Published: 2018-01-03 20:00 – Updated: 2024-09-17 02:56
    VLAI
    Summary
    Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:00:41.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2017-12-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Brave Software\u0027s Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-03T20:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2017-12-29",
              "ID": "CVE-2017-1000461",
              "REQUESTER": "psnyde2@uic.edu",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Brave Software\u0027s Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601",
                  "refsource": "MISC",
                  "url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000461",
        "datePublished": "2018-01-03T20:00:00.000Z",
        "dateReserved": "2018-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:56:48.911Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9473 (GCVE-0-2016-9473)

    Vulnerability from cvelistv5 – Published: 2017-03-28 02:46 – Updated: 2024-08-06 02:50
    VLAI
    Summary
    Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.
    Severity
    No CVSS data available.
    CWE
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information (CWE-451)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier Affected: Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier
    Date Public
    2017-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:50:38.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/brave/browser-ios/pull/504"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/issue/WLB-2017010042"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/175958"
              },
              {
                "name": "97155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-451",
                  "description": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-29T09:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/brave/browser-ios/pull/504"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2017010042"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/175958"
            },
            {
              "name": "97155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97155"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2016-9473",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/brave/browser-ios/pull/504",
                  "refsource": "MISC",
                  "url": "https://github.com/brave/browser-ios/pull/504"
                },
                {
                  "name": "https://cxsecurity.com/issue/WLB-2017010042",
                  "refsource": "MISC",
                  "url": "https://cxsecurity.com/issue/WLB-2017010042"
                },
                {
                  "name": "https://hackerone.com/reports/175958",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/175958"
                },
                {
                  "name": "97155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97155"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2016-9473",
        "datePublished": "2017-03-28T02:46:00.000Z",
        "dateReserved": "2016-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:50:38.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }