CVE-2019-13075: Infoleak
First published: Sun Jun 30 2019(Updated: )
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Torproject Tor Browser | <=8.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-13075?
CVE-2019-13075 is an information exposure vulnerability in Tor Browser through version 8.5.3.
How does CVE-2019-13075 affect Tor Browser?
CVE-2019-13075 allows remote attackers to detect the browser's language through vectors involving an IFRAME element.
What is the severity of CVE-2019-13075?
CVE-2019-13075 has a severity rating of medium with a CVSS score of 5.3.
Is there a fix available for CVE-2019-13075?
Yes, upgrading to the latest version of Tor Browser, specifically version 8.5.4 or later, will fix this vulnerability.
Where can I find more information about CVE-2019-13075?
You can find more information about CVE-2019-13075 on the Tor Project's ticket tracking system as well as the HackerOne report linked in the references.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/torproject
- canonical/torproject tor browser
- version/torproject tor browser/8.5.3