{"id":"CVE-2019-12383","details":"Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a \"Don't send my language\" setting.","modified":"2026-03-15T22:26:54.767318Z","published":"2019-05-28T03:29:00.513Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/108484"},{"type":"ADVISORY","url":"https://trac.torproject.org/projects/tor/ticket/24056"},{"type":"REPORT","url":"https://hackerone.com/reports/282748"},{"type":"FIX","url":"https://gitweb.torproject.org/tor-browser.git/commit/?id=cbb04b72c68272c2de42f157d40cd7d29a6b7b55"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0.1"}]},{"events":[{"introduced":"0"},{"fixed":"8.0.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12383.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}