HIGH🇬🇧 English

CVE-2020-15502

CVSS 7.5v3.1pub. 2020-07-02upd. 2024-11-21

The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which might make visit data available temporarily at a Potentially Unwanted Endpoint. NOTE: the vendor has stated "the favicon service adheres to our strict privacy policy.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Duckduckgo

    APP
    Duckduckgo
    ≤ 5.58.0≤ 7.47.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-44683HIGH8.2ten sam produkt

The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.o...

CVE-2018-6849MEDIUM4.3ten sam produkt

In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client...

CVE-2020-15502 — HIGH 7.5 | CVEbaza.pl