CVE-2024-37406
https://notcve.org/view.php?id=CVE-2024-37406
In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion. • https://hackerone.com/reports/2501378 • CWE-20: Improper Input Validation •
CVE-2023-52263
https://notcve.org/view.php?id=CVE-2023-52263
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. Brave Browser anterior a 1.59.40 no restringe adecuadamente el esquema para la fábrica WebUI y la redirección. Esto está relacionado con browser/brave_content_browser_client.cc y browser/ui/webui/brave_web_ui_controller_factory.cc. • https://github.com/brave/brave-browser/issues/32449 https://github.com/brave/brave-browser/issues/32473 https://github.com/brave/brave-core/pull/19820 https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-28364
https://notcve.org/view.php?id=CVE-2023-28364
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. • https://hackerone.com/reports/1946534 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2021-22917
https://notcve.org/view.php?id=CVE-2021-22917
Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled. Brave Browser Desktop entre las versiones 1.17 y 1.20, es vulnerable a una divulgación de información por medio de peticiones DNS en ventanas Tor que no fluyen mediante Tor si el bloqueo de anuncios estaba activado • https://hackerone.com/reports/1077022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-18256 – Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
https://notcve.org/view.php?id=CVE-2017-18256
Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled. Brave Browser, en versiones anteriores a la 0.13.0, permite que atacantes remotos provoquen una denegación de servicio (consumo de recursos) mediante un argumento alert() largo en código JavaScript, ya que se gestionan de manera incorrecta los diálogos de ventana. Brave Browser versions prior to 0.13.0 suffer from a long alert() argument denial of service vulnerability. • https://www.exploit-db.com/exploits/44474 https://hackerone.com/reports/176066 •