- ARC: How to Prevent USB Attacks
- Rockwell Working on PowerMonitor 1000 Fix
- Horner Clears Cscape Vulnerability
- Delta Fixes it Industrial Automation CNCSoft
- Intel Has Fix for Data Center Manager SDK Holes
- Thermal Fatigue Led to MS Gas Plant Blast …
- … 3D Model of Failed Heat Exchanger
- Fukushima Report: Robot Lifts Melted Fuel
Chemical Safety Incidents
Zero Day Hits Tor Browser
Wednesday, September 12, 2018 @ 10:09 AM gHale
There is a Tor Browser 7.x Zero Day that can allow malicious code to run inside the browser, a researcher said.
Tor Browser is a modified version of Mozilla’s Firefox ESR which bundles the NoScript and HTTPS Everywhere extensions, together with an installation of the TOR network accessible via the TorButton, TorLauncher, and Tor proxy.
RELATED STORIES
New Tor Browser Version Releases
Speech-Based Two-Factor Authentication
Just Released Firefox Browser Updated
Mozilla Releases More Secure Firefox 61
The browser allows its users to boost their privacy and avoid man-in-the-middle (MitM) attacks while browsing the web, and is a recommended solution by most anti-surveillance advocates.
While the attack works on older versions of the browser, it will not work on the just released version, researchers said. That is because the new Tor Browser release moved to the Firefox Quantum which also comes with different, new add-on APIs. Tor Browser version 8.0 launched last week.
The newest NoScript versions are also developed to work on the Quantum platform and use the newer add-on APIs.
Zerodium’s chief executive Chaouki Bekra said back in December the organization launched a specific and time-limited bug bounty for Tor Browser. This Tor Browser exploit ended up acquired by Zerodium months ago as a Zero Day and Bekra shared it with government customers.
Bekra said this Zero Day released publicly to spread awareness on the lack of proper auditing for components of highly trusted security solution like the Tor Browser, with millions of users to date.
To mitigate the issues, users should update Tor Browser and NoScript to their latest versions, which are not vulnerable.
Leave a Reply
You must be logged in to post a comment.