CVE-2019-13075

Name of the Vulnerable Software and Affected Versions Tor Browser versions prior to 8.5.4

Description The issue allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This behavior is related to a similar issue in Firefox before version 68.

Recommendations For Tor Browser versions prior to 8.5.4, update to version 8.5.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of IFRAME elements until a patch is applied. Avoid using the title attribute of LINK elements for non-HTML pages in the affected browser versions.