CVE-2019-13075
Published 2019-06-30
Priority P4 · 25 · medium · 5.3 CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 1.86% (76.6th percentile)
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 68.0-1 (sid) | firefox 68.0-1 (sid) |
| debian | firefox-esr | < firefox 68.0-1 (sid) | firefox 68.0-1 (sid) |
| torproject | tor_browser | <= 8.5.3 | — |
CVSS provenance
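| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.3 | MEDIUM | — |
| vendor_debian | — | 5.3 | LOW | — |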
Debian
CVE-2019-13075: firefox - Tor Browser through 8.5.3 has an information exposure vulnerability. It allows r...
vendor_debian·2019·CVSS 5.3
Scope: local
sid: resolved (fixed in 68.0-1)
GHSA
GHSA-399p-gmjm-mpxv: Tor Browser through 8
ghsa_unreviewed·2022-05-24
CVE-2019-13075 [MEDIUM] CWE-200 GHSA-399p-gmjm-mpxv: Tor Browser through 8
OSV
CVE-2019-13075: Tor Browser through 8
osv·2019-06-30·CVSS 5.3
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-13075 tor: information disclosure via vectors involving IFRAME element
bugzilla·2019-07-02·CVSS 5.3
Reference:
https://hackerone.com/reports/588239
https://trac.torproject.org/projects/tor/ticket/30657
Discussion:
Created tor tracking bugs for this issue:
Affects: fedora-all [bug 1726253]
---
Created tor tracking bugs for this issue:
Affects: epel-all [bug 1726254]
---
Please note that this CVE affects torbrowser and not tor. We don't ship torbrowser (neither in Fedora nor in EPE
Bugzilla
CVE-2019-13075 tor: information disclosure via vectors involving IFRAME element [fedora-all]
bugzilla·2019-07-02·CVSS 5.3
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
Bugzilla
CVE-2019-13075 tor: information disclosure via vectors involving IFRAME element [epel-all]
bugzilla·2019-07-02·CVSS 5.3
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple support