CVE-2019-13075 — Sensitive Information Exposure in Firefox

CWE-200 — Sensitive Information Exposure7 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 65.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Firefox Debian Firefox-esr Torproject TOR Browser

Timeline

PublishedJun 30

Latest updateMay 24

Description

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDtorproject/tor_browser8.5.3

▶debiandebian/firefox< firefox 68.0-1 (sid)

▶debiandebian/firefox-esr< firefox 68.0-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-399p-gmjm-mpxv: Tor Browser through 8↗2022-05-24

▶

OSV

CVE-2019-13075: Tor Browser through 8↗2019-06-30

▶

📋Vendor Advisories

Debian

CVE-2019-13075: firefox - Tor Browser through 8.5.3 has an information exposure vulnerability. It allows r...↗2019

▶

💬Community

Bugzilla

CVE-2019-13075 tor: information disclosure via vectors involving IFRAME element↗2019-07-02

▶

Bugzilla

CVE-2019-13075 tor: information disclosure via vectors involving IFRAME element [fedora-all]↗2019-07-02

▶

Bugzilla

CVE-2019-13075 tor: information disclosure via vectors involving IFRAME element [epel-all]↗2019-07-02

▶