Duckduckgo: >> Duckduckgo >> 4.2.0 Security Vulnerabilities
The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which might make visit data available temporarily at a Potentially Unwanted Endpoint. NOTE: the vendor has stated "the favicon service adheres to our strict privacy policy.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-07-02
In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
CVSS Score
4.3
EPSS Score
0.768
Published
2018-04-01