In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
duckduckgo duckduckgo 4.2.0 |