Vulnerability Details CVE-2019-12383
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/108484
- https://gitweb.torproject.org/tor-browser.git/commit/?id=cbb04b72c68272c2de42f157d40cd7d29a6b7b55
- https://hackerone.com/reports/282748
- https://trac.torproject.org/projects/tor/ticket/24056
- http://www.securityfocus.com/bid/108484
- https://gitweb.torproject.org/tor-browser.git/commit/?id=cbb04b72c68272c2de42f157d40cd7d29a6b7b55
- https://hackerone.com/reports/282748
- https://trac.torproject.org/projects/tor/ticket/24056
Products affected by CVE-2019-12383
-
cpe:2.3:a:torproject:tor_browser:-
-
cpe:2.3:a:torproject:tor_browser:5.5.2
-
cpe:2.3:a:torproject:tor_browser:5.5.3
-
cpe:2.3:a:torproject:tor_browser:5.5.4
-
cpe:2.3:a:torproject:tor_browser:5.5.5
-
cpe:2.3:a:torproject:tor_browser:6.0
-
cpe:2.3:a:torproject:tor_browser:6.0.1
-
cpe:2.3:a:torproject:tor_browser:6.0.2
-
cpe:2.3:a:torproject:tor_browser:6.0.3
-
cpe:2.3:a:torproject:tor_browser:6.0.4
-
cpe:2.3:a:torproject:tor_browser:6.0.5
-
cpe:2.3:a:torproject:tor_browser:6.0.6
-
cpe:2.3:a:torproject:tor_browser:6.0.7
-
cpe:2.3:a:torproject:tor_browser:6.0.8
-
cpe:2.3:a:torproject:tor_browser:6.5
-
cpe:2.3:a:torproject:tor_browser:6.5.1
-
cpe:2.3:a:torproject:tor_browser:6.5.2
-
cpe:2.3:a:torproject:tor_browser:7.0
-
cpe:2.3:a:torproject:tor_browser:7.0.1
-
cpe:2.3:a:torproject:tor_browser:7.0.10
-
cpe:2.3:a:torproject:tor_browser:7.0.11
-
cpe:2.3:a:torproject:tor_browser:7.0.2
-
cpe:2.3:a:torproject:tor_browser:7.0.3
-
cpe:2.3:a:torproject:tor_browser:7.0.4
-
cpe:2.3:a:torproject:tor_browser:7.0.5
-
cpe:2.3:a:torproject:tor_browser:7.0.6
-
cpe:2.3:a:torproject:tor_browser:7.0.7
-
cpe:2.3:a:torproject:tor_browser:7.0.9
-
cpe:2.3:a:torproject:tor_browser:7.5
-
cpe:2.3:a:torproject:tor_browser:7.5.3
-
cpe:2.3:a:torproject:tor_browser:7.5.6
-
cpe:2.3:a:torproject:tor_browser:8.0