Bug 1726252 (CVE-2019-13075)

Summary: CVE-2019-13075 tor: information disclosure via vectors involving IFRAME element
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CANTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: lewk, mh, pwouters, rh-bugzilla, s
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-09 06:39:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1726253, 1726254    
Bug Blocks:    

Description Dhananjay Arunesh 2019-07-02 12:35:50 UTC
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.

Reference:
https://hackerone.com/reports/588239
https://trac.torproject.org/projects/tor/ticket/30657

Comment 1 Dhananjay Arunesh 2019-07-02 12:36:54 UTC
Created tor tracking bugs for this issue:

Affects: fedora-all [bug 1726253]

Comment 2 Dhananjay Arunesh 2019-07-02 12:37:42 UTC
Created tor tracking bugs for this issue:

Affects: epel-all [bug 1726254]

Comment 3 Marcel Haerry 2019-07-09 06:39:53 UTC
Please note that this CVE affects torbrowser and not tor. We don't ship torbrowser (neither in Fedora nor in EPEL) and I closed the tracking bugs opened against tor, as they can't be fixed there.