Lucene search

MitreCVE-2019-13075

HistoryJun 30, 2019 - 2:15 p.m.

CVE-2019-13075

2019-06-3014:15:09

CWE-200

mitre

web.nvd.nist.gov

tor browser

cve-2019-13075

info exposure

vulnerability

nvd

firefox 68

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

61.3%

JSON

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser’s language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.

Affected configurations

Nvd

Node

torprojecttor_browserRange≤8.5.3

VendorProductVersionCPE
torprojecttor_browser*cpe:2.3:a:torproject:tor_browser:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
torproject	tor_browser	*	cpe:2.3:a:torproject:tor_browser::::::::

References

hackerone.com/reports/588239

trac.torproject.org/projects/tor/ticket/30657

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

61.3%

JSON

Related for CVE-2019-13075