Tor Browser 7.0.8 IP Address Leak

2017.11.04
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Advisory ID: SGMA17-003 Title: TorMoil: TorBrowser unspecified critical security vulnerability Product: Tor Browser Version: 7.0.8 and probably prior Vendor: torproject.org Vulnerability type: Unspecified Risk level: 5 / 5 Credit: Filippo Cavallarin - wearesegment.com CVE: N / A Vendor notification: 10-26-2017 Vendor Fix: 11-03-2017 Public disclosure: 11-03-2017 Details TorBrowser version 7.0.8, and probably prior,for Mac OS X and Linux, is affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser. Users are strongly advised to keep their TorBrowser updated. We named this vulnerability TorMoil. Solution Update TorBrowser to version 7.0.9 References https://www.torproject.org/ https://www.wearesegment.com/research/tormoil-torbrowser-unspecified-critical-security-vulnerability/ https://www.wearesegment.com/news/the-tormoil-bug-torbrowser-critical-security-vulnerability/

References:

https://www.torproject.org/
https://www.wearesegment.com/research/tormoil-torbrowser-unspecified-critical-security-vulnerability/
https://www.wearesegment.com/news/the-tormoil-bug-torbrowser-critical-security-vulnerability/


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top