CVE-2019-13075

 

Severity Score: 5.3 (CVSS v3)

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits: 1 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)

Descriptions

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-06-30 CVE Reserved
  • 2019-06-30 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Torproject | Tor Browser | <= 8.5.3 | - | Affected