CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.
References
Link Resource
https://hackerone.com/reports/588239 Exploit Issue Tracking Third Party Advisory
https://trac.torproject.org/projects/tor/ticket/30657 Vendor Advisory
https://hackerone.com/reports/588239 Exploit Issue Tracking Third Party Advisory
https://trac.torproject.org/projects/tor/ticket/30657 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:torproject:tor_browser:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:24

Type Values Removed Values Added
References () https://hackerone.com/reports/588239 - Exploit, Issue Tracking, Third Party Advisory () https://hackerone.com/reports/588239 - Exploit, Issue Tracking, Third Party Advisory
References () https://trac.torproject.org/projects/tor/ticket/30657 - Vendor Advisory () https://trac.torproject.org/projects/tor/ticket/30657 - Vendor Advisory

Information

Published : 2019-06-30 14:15

Updated : 2024-11-21 04:24


NVD link : CVE-2019-13075

Mitre link : CVE-2019-13075

CVE.ORG link : CVE-2019-13075


JSON object : View

Products Affected

torproject

  • tor_browser
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor