PT-2019-6393 · Mozilla+2 · Firefox+1

Georg Koppen

Published

2019-05-27

Updated

2019-07-08

CVE-2019-13075

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tor Browser versions prior to 8.5.4

Description The issue allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This behavior is related to a similar issue in Firefox before version 68.

Recommendations For Tor Browser versions prior to 8.5.4, update to version 8.5.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of IFRAME elements until a patch is applied. Avoid using the title attribute of LINK elements for non-HTML pages in the affected browser versions.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2023-07805

CVE-2019-13075

Affected Products

Firefox

Tor Browser

PT-2019-6393 · Mozilla+2 · Firefox+1

CVE-2019-13075

Weakness Enumeration

Related Identifiers

Affected Products

References · 13