// For flags

CVE-2017-18256

Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled.

Brave Browser, en versiones anteriores a la 0.13.0, permite que atacantes remotos provoquen una denegación de servicio (consumo de recursos) mediante un argumento alert() largo en código JavaScript, ya que se gestionan de manera incorrecta los diálogos de ventana.

Brave Browser versions prior to 0.13.0 suffer from a long alert() argument denial of service vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-04-03 CVE Reserved
  • 2018-04-04 CVE Published
  • 2023-08-25 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (2)
URL Tag Source
URL Date SRC
https://www.exploit-db.com/exploits/44474 2024-08-05
https://hackerone.com/reports/176066 2024-08-05
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Brave
Search vendor "Brave"
 Brave Browser
Search vendor "Brave" for product "Brave Browser"
 < 0.13.0
Search vendor "Brave" for product "Brave Browser" and version " < 0.13.0"
-
Affected