CVE Details for CVE: CVE-2019-12383
Summary
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
Timestamps
Last major update 24-08-2020 - 17:37
Published 28-05-2019 - 03:29
Last modified 24-08-2020 - 17:37
Vulnerable Configurations
  • cpe:2.3:a:torproject:tor_browser:-:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:-:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:5.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:5.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:5.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:5.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:5.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:5.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:5.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:5.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:8.0:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
  • An attacker discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs.
CWE
CVSS
Base
4.3
Impact
2.9
Exploitability
8.6
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
CVSS3
Base
4.3
Impact
1.4
Exploitability
2.8
Access
Attack ComplexityAttack vectorPrivileges RequiredScopeUser Interaction
LOW NETWORK NONE UNCHANGED REQUIRED
Impact
ConfidentialityIntegrityAvailability
LOW NONE NONE
VIA4 references
cvss-vector via4
AV:N/AC:M/Au:N/C:P/I:N/A:N
cvss3-vector via4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N