CVE-2021-21323 – Regression in DNS leakage from Tor windows
https://notcve.org/view.php?id=CVE-2021-21323
Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108.
• https://github.com/brave/brave-browser/issues/13527
• https://github.com/brave/brave-browser/security/advisories/GHSA-mqjf-9x5g-2rv6
• https://github.com/brave/brave-core/commit/12fe321eaad8acc1cbd1d70b4128f687777bcf15
• https://github.com/brave/brave-core/pull/7769
• https://hackerone.com/reports/1077022
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-8276
https://notcve.org/view.php?id=CVE-2020-8276
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:
- Used in last 24h
- Used in last week but not 24h
- Used in last 28 days but not week
- Ever used but not in last 28 days
- Never used
The privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window.
• https://hackerone.com/reports/1024668
• CWE-312: Cleartext Storage of Sensitive Information
CVE-2018-1000815
https://notcve.org/view.php?id=CVE-2018-1000815
Brave Software Inc. Brave versions 0.22.810 to 0.24.0 contain an Other/Unknown vulnerability in the function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in websites being able to run inline JavaScript even if script is blocked, making it easier for attackers to track users. This attack appears to be exploitable when the victim visits a specially crafted website. This vulnerability appears to have been fixed in 0.25.2.
• https://github.com/brave/browser-laptop/issues/15232
• https://github.com/brave/muon/commit/c18663aa171c6cdf03da3e8c70df8663645b97c4
• https://github.com/brave/muon/pull/651
• CWE-20: Improper Input Validation
CVE-2018-10799
https://notcve.org/view.php?id=CVE-2018-10799
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element.
• https://hackerone.com/reports/181558
• CWE-20: Improper Input Validation
CVE-2018-10798
https://notcve.org/view.php?id=CVE-2018-10798
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second.
• https://hackerone.com/reports/181686
• CWE-20: Improper Input Validation