Description
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://trac.torproject.org/projects/tor/ticket/24056
Issue Tracking, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/282748
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://gitweb.torproject.org/tor-browser.git/commit/?id=cbb04b72c68272c2de42f157d40cd7d29a6b7b55
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108484
Scores
CVSS v3
4.3
EPSS
0.0216
EPSS Percentile
79.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-203
Status
published
Products (1)
torproject/tor_browser
< 8.0.1
Published
May 28, 2019
Tracked Since
Feb 18, 2026