what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Tor Browser 7.0.8 IP Address Leak

Tor Browser 7.0.8 IP Address Leak
Posted Nov 3, 2017
Authored by Filippo Cavallarin

TorBrowser versions 7.0.8 and below for Mac OS X and Linux are affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser.

tags | advisory, remote, web
systems | linux, apple, osx
SHA-256 | 98ad8fa1e2be0c10bbbb3b46fcb9cb4ff3e65dec0ce7c05e95e2dbb0691343c0

Tor Browser 7.0.8 IP Address Leak

Change Mirror Download
Advisory ID: SGMA17-003
Title: TorMoil: TorBrowser unspecified critical security vulnerability
Product: Tor Browser
Version: 7.0.8 and probably prior
Vendor: torproject.org
Vulnerability type: Unspecified
Risk level: 5 / 5
Credit: Filippo Cavallarin - wearesegment.com
CVE: N / A
Vendor notification: 10-26-2017
Vendor Fix: 11-03-2017
Public disclosure: 11-03-2017

Details

TorBrowser version 7.0.8, and probably prior,for Mac OS X and Linux, is affected
by a critical security issue. According to the Tor Project, further details will
be released in the near future.

Due to a Firefox bug in handling file:// URLs it is possible on both systems that
users leak their IP address. Once an affected user navigates to a specially crafted
web page, the operating system may directly connect to the remote host,
bypassing Tor Browser.

Users are strongly advised to keep their TorBrowser updated.

We named this vulnerability TorMoil.

Solution

Update TorBrowser to version 7.0.9


References

https://www.torproject.org/
https://www.wearesegment.com/research/tormoil-torbrowser-unspecified-critical-security-vulnerability/
https://www.wearesegment.com/news/the-tormoil-bug-torbrowser-critical-security-vulnerability/
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close