High severity7.5NVD Advisory· Published Jul 2, 2020· Updated Jun 17, 2026
CVE-2020-15502
CVE-2020-15502
Description
The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which might make visit data available temporarily at a Potentially Unwanted Endpoint. NOTE: the vendor has stated "the favicon service adheres to our strict privacy policy.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- DuckDuckGo/DuckDuckGo applicationdescription
- Range: <=5.58.0 for Android, <=7.47.1.0 for iOS
Patches
Vulnerability mechanics
References
5- github.com/duckduckgo/Android/blob/e2f2d54a6b4452277467db403a3546512401b493/app/src/main/java/com/duckduckgo/app/global/UriExtension.ktnvdPatchThird Party Advisory
- news.ycombinator.com/itemnvdPatchThird Party Advisory
- github.com/duckduckgo/Android/issues/527nvdThird Party Advisory
- github.com/duckduckgo/iOS/blob/1ae03d7221180bd6791cf6f7f06922a96335cf75/Core/AppUrls.swiftnvdThird Party Advisory
- news.ycombinator.com/itemnvdThird Party Advisory
News mentions
0No linked articles in our index yet.