TorBrowser versions 7.0.8 and below for Mac OS X and Linux are affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser.
98ad8fa1e2be0c10bbbb3b46fcb9cb4ff3e65dec0ce7c05e95e2dbb0691343c0Advisory ID: SGMA17-003
Title: TorMoil: TorBrowser unspecified critical security vulnerability
Product: Tor Browser
Version: 7.0.8 and probably prior
Vendor: torproject.org
Vulnerability type: Unspecified
Risk level: 5 / 5
Credit: Filippo Cavallarin - wearesegment.com
CVE: N / A
Vendor notification: 10-26-2017
Vendor Fix: 11-03-2017
Public disclosure: 11-03-2017
Details
TorBrowser version 7.0.8, and probably prior,for Mac OS X and Linux, is affected
by a critical security issue. According to the Tor Project, further details will
be released in the near future.
Due to a Firefox bug in handling file:// URLs it is possible on both systems that
users leak their IP address. Once an affected user navigates to a specially crafted
web page, the operating system may directly connect to the remote host,
bypassing Tor Browser.
Users are strongly advised to keep their TorBrowser updated.
We named this vulnerability TorMoil.
Solution
Update TorBrowser to version 7.0.9
References
https://www.torproject.org/
https://www.wearesegment.com/research/tormoil-torbrowser-unspecified-critical-security-vulnerability/
https://www.wearesegment.com/news/the-tormoil-bug-torbrowser-critical-security-vulnerability/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed