CVE-2019-13075 — MEDIUM (5.3)

Q: How severe is CVE-2019-13075?

CVE-2019-13075 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-13075?

Check the references section above for vendor advisories and patch information. Affected products include: Torproject Tor Browser.

Vulnerability Description

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Torproject	Tor Browser	<= 8.5.3

Related Weaknesses (CWE)

CWE-200

References

https://hackerone.com/reports/588239ExploitIssue TrackingThird Party Advisory
https://trac.torproject.org/projects/tor/ticket/30657Vendor Advisory
https://hackerone.com/reports/588239ExploitIssue TrackingThird Party Advisory
https://trac.torproject.org/projects/tor/ticket/30657Vendor Advisory

FAQ

What is CVE-2019-13075?

CVE-2019-13075 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language ...

How severe is CVE-2019-13075?

CVE-2019-13075 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-13075?

Check the references section above for vendor advisories and patch information. Affected products include: Torproject Tor Browser.