Information Exposure Vulnerability in Tor Browser by Tor Project
CVE-2019-13075

5.3MEDIUM

Key Information:

Vendor: Torproject
Status: Tor Browser
Vendor: CVE Published:; 30 June 2019

What is CVE-2019-13075?

The Tor Browser versions up to 8.5.3 are affected by a vulnerability that allows remote attackers to infer the browser's language settings. This occurs through an information exposure flaw involving an IFRAME element, where the language-specific text is unintentionally made accessible via the title attribute of a LINK element associated with a non-HTML page. This behavior mirrors certain vulnerabilities previously identified in Firefox versions earlier than 68, potentially compromising user privacy and exposing sensitive information by revealing the user's preferred language.

References

https://trac.torproject.org/projects/tor/ticket/30657

x_refsource_MISC

https://hackerone.com/reports/588239

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2019
Vulnerability Reserved
Jun 30, 2019

CVE-2019-13075 Data

JSON

Torproject

What is CVE-2019-13075?

References

CVSS V3.1

Timeline