CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2016-10718 – Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
https://notcve.org/view.php?id=CVE-2016-10718
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service. Brave Browser, en versiones anteriores a la 0.13.0, permite que una pestaña se autocierre incluso aunque no haya sido abierta por un script, lo que resulta en una denegación de servicio (DoS). Brave Browser versions prior to 0.13.0 suffer from a window.close(self) denial of service vulnerability. • https://www.exploit-db.com/exploits/44475 https://github.com/brave/browser-laptop/issues/5006 https://github.com/brave/browser-laptop/issues/5007 https://hackerone.com/reports/176197 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000461
https://notcve.org/view.php?id=CVE-2017-1000461
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). Las versiones 0.19.73 y anteriores de Brave Browser, de Brave Software, son vulnerables a un problema de control de acceso incorrecto en el componente "JS fingerprinting blocking". Esto resulta en que un sitio web malicioso es capaz de acceder a la funcionalidad del navegador asociada a la huella digital, que el navegador intenta bloquear. • https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 2CVE-2016-9473
https://notcve.org/view.php?id=CVE-2016-9473
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. Brave Browser iOS en versiones anteriores a 1.2.18 y Brave Browser Android 1.9.56 y en versiones anteriores sufren de suplantación de barra de dirección completa, lo que permite a los atacantes engañar a una víctima mediante la visualización de una página maliciosa para nombres de dominio legítimos. • http://www.securityfocus.com/bid/97155 https://cxsecurity.com/issue/WLB-2017010042 https://github.com/brave/browser-ios/pull/504 https://hackerone.com/reports/175958 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-451: User Interface (UI) Misrepresentation of Critical Information •