PT-2024-7663 · CVSS 6.5 · 2024-10-09
Curl · Curl · CVE-2024-9681
**Name of the Vulnerable Software and Affected Versions** curl versions prior to 8.10.1 that include HSTS support (introduced in 7.74.0); fixed in 8.10.1.

**Description** The issue lies in curl's handling of its HSTS (HTTP Strict Transport Security) cache. curl fills that cache from `Strict-Transport-Security` response headers and consults it whenever it is asked to fetch an insecure `http://` URL, upgrading the request to `https://` for as long as the host's entry has not expired. When a subdomain such as `x.example.com` returns a policy, the expiry time carried by that policy might overwrite the cache entry of the parent domain `example.com`, making the parent's entry end sooner or later than its origin server intended. The bug needs three things to come together: the curl tool or an application using libcurl with HSTS enabled, transfers to both a host and one of its subdomains, and use of the insecure `http://` scheme for the parent. The result is that `http://example.com` accesses are upgraded to HTTPS for a different period than the one the origin server asked for. If `example.com` stops serving HTTPS once its legitimately announced policy expires, curl may keep failing to reach `http://example.com` until the wrongly extended timeout runs out. In the opposite direction, a short-lived subdomain policy can expire the parent's entry early, so curl silently drops back to plaintext HTTP before the parent's policy was meant to end, removing the downgrade protection HSTS exists to provide for that period.

**Recommendations** Update curl to version 8.10.1 or later. Until the update is in place, remove the bug's preconditions rather than relying on the HSTS cache: request `https://` URLs explicitly, since the cache is only consulted for `http://` URLs, and avoid mixing `http://` transfers to a domain and to its subdomains in the same curl process or persisted HSTS cache (`--hsts <file>` for the tool, `CURLOPT_HSTS` for libcurl).
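The following is an added, simplified model of an HSTS cache, written for this entry and not taken from curl's own `lib/hsts.c`. It shows the class of mistake the description covers: when the lookup used to find an existing entry before storing a new policy also matches parent entries, a policy received from `x.example.com` lands on the entry for `example.com` and rewrites its expiry. The hostnames, the `max-age` values and the `buggy` switch are constructed for the demonstration; the "fixed" path looks up an exact host match before storing, which is the behaviour a correct implementation needs.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 16

struct hsts_entry {
    char host[64];            /* lowercase hostname, as stored by the constructed scenario */
    long expires;             /* absolute time in seconds at which the policy ends */
    bool include_subdomains;  /* policy also covers subdomains of 'host' */
};

struct hsts_cache {
    struct hsts_entry entries[MAX_ENTRIES];
    int count;
};

/* True when 'host' is a strict subdomain of 'parent', e.g. x.example.com / example.com. */
static bool is_subdomain_of(const char *host, const char *parent)
{
    size_t hl = strlen(host), pl = strlen(parent);
    if (hl <= pl || strcmp(host + (hl - pl), parent) != 0)
        return false;
    return host[hl - pl - 1] == '.';
}

/* Find the entry governing 'host'. With subdomain_match set, an includeSubDomains
   entry for a parent domain also matches; that is the lookup an enforcement check
   needs, but it is the wrong lookup when deciding which entry a new policy updates. */
static struct hsts_entry *hsts_find(struct hsts_cache *c, const char *host, bool subdomain_match)
{
    for (int i = 0; i < c->count; i++) {
        struct hsts_entry *e = &c->entries[i];
        if (strcmp(e->host, host) == 0)
            return e;
        if (subdomain_match && e->include_subdomains && is_subdomain_of(host, e->host))
            return e;
    }
    return NULL;
}

/* Store a policy received from 'host'. 'buggy' selects the flawed behaviour: the
   existing-entry lookup matches parent entries, so the parent's expiry is overwritten. */
static void hsts_store(struct hsts_cache *c, const char *host, long now, long max_age,
                       bool include_subdomains, bool buggy)
{
    struct hsts_entry *e = hsts_find(c, host, buggy);
    if (!e) {
        if (c->count >= MAX_ENTRIES)
            return;
        e = &c->entries[c->count++];
        snprintf(e->host, sizeof e->host, "%s", host);
    }
    e->expires = now + max_age;
    e->include_subdomains = include_subdomains;
}

/* Enforcement check: should an http:// request to 'host' at time 'now' be upgraded? */
static bool hsts_should_upgrade(struct hsts_cache *c, const char *host, long now)
{
    struct hsts_entry *e = hsts_find(c, host, true);
    return e && e->expires > now;
}

/* Constructed scenario: example.com announces 'parent_max_age' with includeSubDomains,
   then its subdomain x.example.com announces 'sub_max_age'. */
static void build_scenario(struct hsts_cache *c, bool buggy, long now,
                           long parent_max_age, long sub_max_age)
{
    memset(c, 0, sizeof *c);
    hsts_store(c, "example.com", now, parent_max_age, true, buggy);
    hsts_store(c, "x.example.com", now, sub_max_age, false, buggy);
}

/* Expiry the parent entry ends up with; a correct cache returns now + parent_max_age. */
static long parent_expiry(bool buggy, long now, long parent_max_age, long sub_max_age)
{
    struct hsts_cache c;
    build_scenario(&c, buggy, now, parent_max_age, sub_max_age);
    struct hsts_entry *e = hsts_find(&c, "example.com", false);
    return e ? e->expires : 0;
}

/* Would an http://example.com request at time 'later' still be upgraded to HTTPS? */
static bool parent_upgraded_at(bool buggy, long now, long parent_max_age,
                               long sub_max_age, long later)
{
    struct hsts_cache c;
    build_scenario(&c, buggy, now, parent_max_age, sub_max_age);
    return hsts_should_upgrade(&c, "example.com", later);
}

int main(void)
{
    const long now = 1000000, year = 31536000;
    printf("buggy: example.com expires at %ld, origin asked for %ld\n",
           parent_expiry(true, now, year, 60), now + year);
    printf("fixed: example.com expires at %ld\n", parent_expiry(false, now, year, 60));
    printf("buggy: http://example.com still upgraded 61 s later? %s\n",
           parent_upgraded_at(true, now, year, 60, now + 61) ? "yes" : "no");
    return 0;
}
```

Both directions described in the entry fall out of the same call: a short subdomain `max-age` cuts the parent's year-long policy down to a minute (the early downgrade to plaintext HTTP), and a long subdomain `max-age` stretches a parent policy that was meant to lapse in a minute to a year (the prolonged forced upgrade). The correct path differs only in looking up the exact host before storing, which is why the fix in curl 8.10.1 is small but matters.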