Skip to main content

Tor Browser

4 CVEs product

Monthly

CVE-2021-39246 MEDIUM POC PATCH This Month

Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tor Browser
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2019-13075 MEDIUM POC This Month

Tor Browser through 8.5.3 has an information exposure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Tor Browser
NVD
CVSS 3.0
5.3
EPSS
1.9%
CVE-2019-12383 MEDIUM PATCH This Month

Tor Browser before 8.0.1 has an information exposure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tor Browser
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2018-16983 CRITICAL Act Now

NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Noscript Tor Browser
NVD
CVSS 3.0
9.8
EPSS
3.1%
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tor Browser
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Tor Browser through 8.5.3 has an information exposure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Tor Browser
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Tor Browser before 8.0.1 has an information exposure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tor Browser
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Noscript Tor Browser
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy