Tor - HackerOne Reports
View on HackerOne51
Total Reports
2
Critical
9
High
5
Medium
11
Low
'Request English versions of web pages for enhanced privacy' keeps previous (grayed out) settings
Reported by:
andreien
|
Disclosed:
Weakness: Information Disclosure
Bounty: $200.00
https://get.ooni.torproject.org/
Reported by:
ba4fe4ca95021d367f8a574
|
Disclosed:
Detect Tor Browser's language
Reported by:
ryotak
|
Disclosed:
Weakness: Privacy Violation
[tor] libevent dns remote stack overread vulnerability
Reported by:
guido
|
Disclosed:
Weakness: Memory Corruption - Generic
[tor] libevent dns OOB read
Reported by:
guido
|
Disclosed:
Weakness: Memory Corruption - Generic
Uncloaking hidden services and hidden service users
Reported by:
hackerfactor
|
Disclosed:
Weakness: Man-in-the-Middle
[tor] pre-emptive defenses, potential vulnerabilities
Reported by:
guido
|
Disclosed:
Weakness: Violation of Secure Design Principles
Use-after-free during XML transformations (MFSA-2016-27)
Reported by:
agarri_fr
|
Disclosed:
Weakness: Memory Corruption - Generic
Bounty: $300.00
CVEs:
CVE-2016-1964
Overreads/overcopies in torsocks
Reported by:
guido
|
Disclosed:
Weakness: Memory Corruption - Generic
Cross-domain linkability when system time changed in Tor Browser
Reported by:
newfunction
|
Disclosed:
Low
Weakness: Privacy Violation
Detecting Tor Browser UI Language
Reported by:
newfunction
|
Disclosed:
Low
Weakness: Privacy Violation
Previous
Page 3 of 3