Information Exposure Vulnerability in Tor Browser by The Tor Project
CVE-2019-12383

4.3MEDIUM

Key Information:

Vendor

Torproject

Status
Tor Browser
Vendor
CVE Published:
28 May 2019

What is CVE-2019-12383?

An information exposure vulnerability in Tor Browser before version 8.0.1 allows remote attackers to infer the browser's user interface locale by measuring the width of a specific button. This occurs despite users having the 'Don't send my language' privacy setting enabled, potentially compromising user anonymity and impacting overall privacy. Immediate updates and security reviews are recommended for affected users to mitigate any risks.

References

https://trac.torproject.org/projects/tor/ticket/24056
x_refsource_MISC
https://hackerone.com/reports/282748
x_refsource_MISC
https://gitweb.torproject.org/tor-browser.git/commit/?id=...
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.