Lucene search

Ubuntu.comUB:CVE-2019-13075

HistoryJun 30, 2019 - 12:00 a.m.

CVE-2019-13075

2019-06-3000:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

61.3%

JSON

Tor Browser through 8.5.3 has an information exposure vulnerability. It
allows remote attackers to detect the browser’s language via vectors
involving an IFRAME element, because text in that language is included in
the title attribute of a LINK element for a non-HTML page. This is related
to a behavior of Firefox before 68.

Bugs

<https://trac.torproject.org/projects/tor/ticket/30657>

Notes

Author	Note
mdeslaur	doesn’t affect firefox by itself fixed in firefox 68

References

hackerone.com/reports/588239

launchpad.net/bugs/cve/CVE-2019-13075

nvd.nist.gov/vuln/detail/CVE-2019-13075

security-tracker.debian.org/tracker/CVE-2019-13075

www.cve.org/CVERecord?id=CVE-2019-13075

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

61.3%

JSON

Related for UB:CVE-2019-13075