Vulnerabilities > CVE-2019-12383 - Information Exposure Through Discrepancy vulnerability in Torproject TOR Browser
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/108484
- http://www.securityfocus.com/bid/108484
- https://gitweb.torproject.org/tor-browser.git/commit/?id=cbb04b72c68272c2de42f157d40cd7d29a6b7b55
- https://gitweb.torproject.org/tor-browser.git/commit/?id=cbb04b72c68272c2de42f157d40cd7d29a6b7b55
- https://hackerone.com/reports/282748
- https://hackerone.com/reports/282748
- https://trac.torproject.org/projects/tor/ticket/24056
- https://trac.torproject.org/projects/tor/ticket/24056