CVE Details for CVE: CVE-2019-12383
Summary
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
| Timestamps | |
|---|---|
| Last major update | 24-08-2020 - 17:37 |
| Published | 28-05-2019 - 03:29 |
| Last modified | 24-08-2020 - 17:37 |
Vulnerable Configurations
-
cpe:2.3:a:torproject:tor_browser:-:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:-:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:5.5.2:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:5.5.3:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:5.5.4:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:5.5.5:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.0:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.0:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.0.2:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.0.3:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.0.4:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.0.5:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.0.6:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.0.7:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.0.8:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.5:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.5:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.5.1:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:6.5.2:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0.2:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0.3:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0.4:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0.5:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0.6:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0.7:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0.9:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0.10:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.0.11:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.5:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.5:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.5.3:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.5.3:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:7.5.6:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:7.5.6:*:*:*:*:*:*:*
-
cpe:2.3:a:torproject:tor_browser:8.0:*:*:*:*:*:*:*
cpe:2.3:a:torproject:tor_browser:8.0:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
-
Black Box Reverse Engineering
An attacker discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs.
CWE
CVSS
Base
4.3
Impact
2.9
Exploitability
8.6
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | MEDIUM | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| PARTIAL | NONE | NONE |
CVSS3
Base
4.3
Impact
1.4
Exploitability
2.8
Access
| Attack Complexity | Attack vector | Privileges Required | Scope | User Interaction |
|---|---|---|---|---|
| LOW | NETWORK | NONE | UNCHANGED | REQUIRED |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| LOW | NONE | NONE |