
CVE-2018-10799
https://notcve.org/view.php?id=CVE-2018-10799
07 May 2018 — A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element. • https://hackerone.com/reports/181558 • CWE-20: Improper Input Validation

CVE-2016-10718 – Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
https://notcve.org/view.php?id=CVE-2016-10718
04 Apr 2018 — Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service. Brave Browser versions prior to 0.13.0 suffer from a window.close(self) denial of service vulnerability. • https://packetstorm.news/files/id/147188 • CWE-20: Improper Input Validation

CVE-2017-18256 – Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
https://notcve.org/view.php?id=CVE-2017-18256
04 Apr 2018 — Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled. Brave Browser versions prior to 0.13.0 suffer from a lon... • https://packetstorm.news/files/id/147187

CVE-2017-1000461
https://notcve.org/view.php?id=CVE-2017-1000461
03 Jan 2018 — Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). • https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2017-8458
https://notcve.org/view.php?id=CVE-2017-8458
03 May 2017 — Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. • https://github.com/brave/browser-laptop/issues/4748 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2017-8459
https://notcve.org/view.php?id=CVE-2017-8459
03 May 2017 — Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results. • https://hackerone.com/reports/175701

CVE-2016-9473
https://notcve.org/view.php?id=CVE-2016-9473
28 Mar 2017 — Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. • http://www.securityfocus.com/bid/97155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-451: User Interface (UI) Misrepresentation of Critical Information