CVE-2017-16639 — Sensitive Information Exposure in TOR Browser

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 30.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR Browser

Timeline

PublishedSep 14

Latest updateMay 14

Description

Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDtorproject/tor_browser< 8.0

🔴Vulnerability Details

GHSA

GHSA-26f9-32j2-77qg: Tor Browser on Windows before 8↗2022-05-14

▶