CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-18256 – Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
https://notcve.org/view.php?id=CVE-2017-18256
Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled. Brave Browser, en versiones anteriores a la 0.13.0, permite que atacantes remotos provoquen una denegación de servicio (consumo de recursos) mediante un argumento alert() largo en código JavaScript, ya que se gestionan de manera incorrecta los diálogos de ventana. Brave Browser versions prior to 0.13.0 suffer from a long alert() argument denial of service vulnerability. • https://www.exploit-db.com/exploits/44474 https://hackerone.com/reports/176066 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2016-10718 – Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
https://notcve.org/view.php?id=CVE-2016-10718
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service. Brave Browser, en versiones anteriores a la 0.13.0, permite que una pestaña se autocierre incluso aunque no haya sido abierta por un script, lo que resulta en una denegación de servicio (DoS). Brave Browser versions prior to 0.13.0 suffer from a window.close(self) denial of service vulnerability. • https://www.exploit-db.com/exploits/44475 https://github.com/brave/browser-laptop/issues/5006 https://github.com/brave/browser-laptop/issues/5007 https://hackerone.com/reports/176197 • CWE-20: Improper Input Validation •