CVE-2019-13075
MEDIUMTor Browser < 8.5.3 - Language Detection via IFRAME LINK Title Attribute
Title source: llmDescription
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://trac.torproject.org/projects/tor/ticket/30657
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/588239
Scores
CVSS v3
5.3
EPSS
0.0186
EPSS Percentile
76.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
torproject/tor_browser
< 8.5.3
Published
Jun 30, 2019
Tracked Since
Feb 18, 2026