Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.
References
Link | Resource |
---|---|
https://hackerone.com/reports/588239 | Exploit Issue Tracking Third Party Advisory |
https://trac.torproject.org/projects/tor/ticket/30657 | Vendor Advisory |
https://hackerone.com/reports/588239 | Exploit Issue Tracking Third Party Advisory |
https://trac.torproject.org/projects/tor/ticket/30657 | Vendor Advisory |
Configurations
History
21 Nov 2024, 04:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://hackerone.com/reports/588239 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://trac.torproject.org/projects/tor/ticket/30657 - Vendor Advisory |
Information
Published : 2019-06-30 14:15
Updated : 2024-11-21 04:24
NVD link : CVE-2019-13075
Mitre link : CVE-2019-13075
CVE.ORG link : CVE-2019-13075
JSON object : View
Products Affected
torproject
- tor_browser
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor