5 matches found
CVE-2019-12383
CVE-2019-12383 affects Tor Browser prior to 8.0.1, exposing the browser UI locale by measuring a button width even when users enable “Don’t send my language.” Root cause: information exposure via UI rendering measurements; impact: potential disclosure of user language settings. The connected docu...
CVE-2019-13075
Summary: CVE-2019-13075 affects Tor Browser up to v8.5.3, exposing the browser language. Affected software: Tor Browser (based on Firefox) prior to version 68 behavior. Root cause / vector: An information exposure via an IFRAME, where the language text is embedded in the title attribute of a LINK...
CVE-2018-16983
CVE-2018-16983 affects NoScript Classic prior to 5.1.8.7 (used in Tor Browser 7.x and other products). The issue lets an attacker bypass script blocking by manipulating the Content-Type value text/html;/json, enabling bypass of the NoScript protection. Impact is described as content-script/script...
CVE-2017-16639
CVE-2017-16639 affects Tor Browser on Windows prior to 8.0. The issue allows remote attackers to bypass the intended anonymity feature and reveal the client IP address. User interaction is required to trigger this vulnerability. The available connected sources identify the vulnerability and its i...
CVE-2021-39246
CVE-2021-39246 affects Tor Browser versions up to 10.5.6 and 11.x up to 11.0a4. The issue enables a correlation attack that can compromise the privacy of visits to v2 onion addresses by logging exact timestamps of onion-service visits locally, which an attacker could compare with timestamp data f...