Reports in tor program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | Linux TBB SFTP URI allows local IP disclosure | $3000.0 |
| 2 | Use-after-free during XML transformations (MFSA-2016-27) | $300.0 |
| 3 | 'Request English versions of web pages for enhanced privacy' keeps previous (grayed out) settings | $200.0 |
| 4 | languagechange event fires simultaneously on all tabs | $100.0 |
| 5 | XSS on about:tbupdate | $100.0 |
| 6 | [Android org.torproject.android] Possible to force list of bridges | $0.0 |
| 7 | Sql query disclosure, | $0.0 |
| 8 | Stack overflow in UnbindFromTree (browser can be crashed remotely) | $0.0 |
| 9 | Overreads/overcopies in torsocks | $0.0 |
| 10 | potential memory corruption in or/buffers.c (particularly on 32 bit) | $0.0 |
| 11 | [tor] control connection pre-auth DoS (infinite loop) with --enable-bufferevents | $0.0 |
| 12 | [tor] libevent dns OOB read | $0.0 |
| 13 | Heap corruption via memarea.c | $0.0 |
| 14 | smartlist_add, smartlist_insert (may) cause heap corruption as a result of inadequate checks in smartlist_ensure_capacity | $0.0 |
| 15 | [tor] libevent dns remote stack overread vulnerability | $0.0 |
| 16 | libevent (stack) buffer overflow in evutil_parse_sockaddr_port | $0.0 |
| 17 | Enforce minimum master password complexity | $0.0 |
| 18 | Simple CSS line-height identifies platform | $0.0 |
| 19 | Scrollbar Width permits detecting browser platform | $0.0 |
| 20 | Uncloaking hidden services and hidden service users | $0.0 |
| 21 | Preferred language option fingerprinting issue in Tor Browser | $0.0 |
| 22 | Crashes/Buffer at 0x2C0086,name=PBrowser::Msg_Destroy | $0.0 |
| 23 | Use of uninitialized value in memarea_strdup (src/common/memarea.c:369) | $0.0 |
| 24 | Cross-domain linkability when system time changed in Tor Browser | $0.0 |
| 25 | Use of uninitialized value in networkstatus_parse_vote_from_string (src/or/routerparse.c:3533) | $0.0 |
| 26 | Access to local file system using javascript | $0.0 |
| 27 | 16 instances where return value of OpenSSL i2d_RSAPublicKey is discarded -- might lead to use of uninitialized memory | $0.0 |
| 28 | [tor] pre-emptive defenses, potential vulnerabilities | $0.0 |
| 29 | Tor Browser: iframe with data: uri has access to parent window | $0.0 |
| 30 | De-anonymization by visiting specially crafted bookmark. | $0.0 |
| 31 | Expose relay IP in the debug (The source is different from the rendering) | $0.0 |
| 32 | Expose user IP if TOR crashs | $0.0 |
| 33 | Email Spoofing Possible on torproject.org Email Domain | $0.0 |
| 34 | Detecting Tor Browser UI Language | $0.0 |
| 35 | Detect Tor Browser's language | $0.0 |
| 36 | Use of unitialized value in token_check_object (src/or/parsecommon.c:224) | $0.0 |
| 37 | Information Exposure Through Directory Listing | $0.0 |
| 38 | Tor Browser using --log or --verbose logs the exact connection time a client connects to any v2 domains. | $0.0 |
| 39 | Address Bar Spoofing on TOR Browser | $0.0 |
| 40 | Snowflake server: Leak of TLS packets from other clients | $0.0 |
| 41 | Content spoofing on | $0.0 |
| 42 | https://get.ooni.torproject.org/ | $0.0 |
| 43 | Tor Project - Full Path Disclosure | $0.0 |
| 44 | Multiple Path Transversal Vulnerabilites | $0.0 |
| 45 | Report Regarding Security Vulnerability | $0.0 |
| 46 | solving TOR vulnerability, in other to make bruteforce difficult | $0.0 |
| 47 | [rt.torproject.org] No Rate Limitting on Login Form | $0.0 |
| 48 | Zip bomb | $0.0 |
| 49 | Use of unitialized value in crypto_pk_num_bits (src/common/crypto.c:971) | $0.0 |
| 50 | SQL Injection in parameter REPORT | $0.0 |
| 51 | Potential IP revealing using UNC Path in Windows File Picker | $0.0 |