10 vulnerabilities found for browser by brave
CVE-2023-52263 (GCVE-0-2023-52263)
Vulnerability from nvd – Published: 2023-12-30 00:00 – Updated: 2024-08-02 22:55
Summary
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/brave/brave-browser/issues/32449"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/brave/brave-core/pull/19820"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/brave/brave-browser/issues/32473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-30T18:59:42.915891",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/brave/brave-browser/issues/32449"
},
{
"url": "https://github.com/brave/brave-core/pull/19820"
},
{
"url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"
},
{
"url": "https://github.com/brave/brave-browser/issues/32473"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52263",
"datePublished": "2023-12-30T00:00:00",
"dateReserved": "2023-12-30T00:00:00",
"dateUpdated": "2024-08-02T22:55:41.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28364 (GCVE-0-2023-28364)
Vulnerability from nvd – Published: 2023-06-30 23:20 – Updated: 2024-11-26 19:47
Summary
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Brave Software | Brave Browser Android | Affected: 1.52.117 , < 1.52.117 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1946534"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28364",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T19:47:50.142320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T19:47:59.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brave Browser Android",
"vendor": "Brave Software",
"versions": [
{
"lessThan": "1.52.117",
"status": "affected",
"version": "1.52.117",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T23:20:12.719Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1946534"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-28364",
"datePublished": "2023-06-30T23:20:12.719Z",
"dateReserved": "2023-03-15T01:00:13.221Z",
"dateUpdated": "2024-11-26T19:47:59.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22917 (GCVE-0-2021-22917)
Vulnerability from nvd – Published: 2021-07-12 10:22 – Updated: 2024-08-03 18:58
Summary
Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Information Disclosure (CWE-200)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | https://github.com/brave/brave-core | Affected: Fixed in 1.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1077022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/brave/brave-core",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 1.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T10:22:39",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1077022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/brave/brave-core",
"version": {
"version_data": [
{
"version_value": "Fixed in 1.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1077022",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1077022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22917",
"datePublished": "2021-07-12T10:22:39",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000461 (GCVE-0-2017-1000461)
Vulnerability from nvd – Published: 2018-01-03 20:00 – Updated: 2024-09-17 02:56
Summary
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Brave Software\u0027s Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000461",
"REQUESTER": "psnyde2@uic.edu",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brave Software\u0027s Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601",
"refsource": "MISC",
"url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000461",
"datePublished": "2018-01-03T20:00:00Z",
"dateReserved": "2018-01-03T00:00:00Z",
"dateUpdated": "2024-09-17T02:56:48.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9473 (GCVE-0-2016-9473)
Vulnerability from nvd – Published: 2017-03-28 02:46 – Updated: 2024-08-06 02:50
Summary
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.
Severity ?
No CVSS data available.
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information (CWE-451)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier | Affected: Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/brave/browser-ios/pull/504"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2017010042"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/175958"
},
{
"name": "97155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-29T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/brave/browser-ios/pull/504"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2017010042"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/175958"
},
{
"name": "97155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier",
"version": {
"version_data": [
{
"version_value": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/brave/browser-ios/pull/504",
"refsource": "MISC",
"url": "https://github.com/brave/browser-ios/pull/504"
},
{
"name": "https://cxsecurity.com/issue/WLB-2017010042",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017010042"
},
{
"name": "https://hackerone.com/reports/175958",
"refsource": "MISC",
"url": "https://hackerone.com/reports/175958"
},
{
"name": "97155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9473",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52263 (GCVE-0-2023-52263)
Vulnerability from cvelistv5 – Published: 2023-12-30 00:00 – Updated: 2024-08-02 22:55
Summary
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/brave/brave-browser/issues/32449"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/brave/brave-core/pull/19820"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/brave/brave-browser/issues/32473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-30T18:59:42.915891",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/brave/brave-browser/issues/32449"
},
{
"url": "https://github.com/brave/brave-core/pull/19820"
},
{
"url": "https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"
},
{
"url": "https://github.com/brave/brave-browser/issues/32473"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52263",
"datePublished": "2023-12-30T00:00:00",
"dateReserved": "2023-12-30T00:00:00",
"dateUpdated": "2024-08-02T22:55:41.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28364 (GCVE-0-2023-28364)
Vulnerability from cvelistv5 – Published: 2023-06-30 23:20 – Updated: 2024-11-26 19:47
Summary
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Brave Software | Brave Browser Android | Affected: 1.52.117 , < 1.52.117 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1946534"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28364",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T19:47:50.142320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T19:47:59.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brave Browser Android",
"vendor": "Brave Software",
"versions": [
{
"lessThan": "1.52.117",
"status": "affected",
"version": "1.52.117",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T23:20:12.719Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1946534"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-28364",
"datePublished": "2023-06-30T23:20:12.719Z",
"dateReserved": "2023-03-15T01:00:13.221Z",
"dateUpdated": "2024-11-26T19:47:59.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22917 (GCVE-0-2021-22917)
Vulnerability from cvelistv5 – Published: 2021-07-12 10:22 – Updated: 2024-08-03 18:58
Summary
Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Information Disclosure (CWE-200)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | https://github.com/brave/brave-core | Affected: Fixed in 1.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1077022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/brave/brave-core",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 1.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T10:22:39",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1077022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/brave/brave-core",
"version": {
"version_data": [
{
"version_value": "Fixed in 1.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1077022",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1077022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22917",
"datePublished": "2021-07-12T10:22:39",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000461 (GCVE-0-2017-1000461)
Vulnerability from cvelistv5 – Published: 2018-01-03 20:00 – Updated: 2024-09-17 02:56
Summary
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Brave Software\u0027s Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000461",
"REQUESTER": "psnyde2@uic.edu",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brave Software\u0027s Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601",
"refsource": "MISC",
"url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000461",
"datePublished": "2018-01-03T20:00:00Z",
"dateReserved": "2018-01-03T00:00:00Z",
"dateUpdated": "2024-09-17T02:56:48.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9473 (GCVE-0-2016-9473)
Vulnerability from cvelistv5 – Published: 2017-03-28 02:46 – Updated: 2024-08-06 02:50
Summary
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.
Severity ?
No CVSS data available.
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information (CWE-451)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier | Affected: Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/brave/browser-ios/pull/504"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2017010042"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/175958"
},
{
"name": "97155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-29T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/brave/browser-ios/pull/504"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2017010042"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/175958"
},
{
"name": "97155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier",
"version": {
"version_data": [
{
"version_value": "Brave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/brave/browser-ios/pull/504",
"refsource": "MISC",
"url": "https://github.com/brave/browser-ios/pull/504"
},
{
"name": "https://cxsecurity.com/issue/WLB-2017010042",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017010042"
},
{
"name": "https://hackerone.com/reports/175958",
"refsource": "MISC",
"url": "https://hackerone.com/reports/175958"
},
{
"name": "97155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9473",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}