CVE-2019-13075

Description

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.

How to fix CVE-2019-13075

To remediate CVE-2019-13075, upgrade the affected package to a fixed version below.

—upgrade to 68.2.0esr-1 or later

Is CVE-2019-13075 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 68.2.0esr-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-13075