CVE Details
ID CVE-2019-12383
Summary Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
References
Vulnerable Configurations
  • cpe:2.3:a:torproject:tor_browser:-:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:-:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:5.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:5.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:5.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:5.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:5.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:5.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:5.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:5.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:6.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:6.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:7.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:7.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor_browser:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:torproject:tor_browser:8.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 24-08-2020 - 17:37)
Impact: 2.9
Exploitability:8.6
CWE CWE-203
CAPEC Click the CAPEC title to display a description
  • An attacker discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
CVSS v3.1
Base: 4.3 (as of 24-08-2020 - 17:37)
Impact: 1.4
Exploitability:2.8
Exploitability v3.1
Attack ComplexityAttack vectorPrivileges RequiredScopeUser Interaction
LOW NETWORK NONE UNCHANGED REQUIRED
Impact v3.1
ConfidentialityIntegrityAvailability
LOW NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
cvss3-vector via4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
refmap via4
bid 108484
misc
Last major update 24-08-2020 - 17:37
Published 28-05-2019 - 03:29
Last modified 24-08-2020 - 17:37
Back to Top