The Tor Browser is partially built on open source Firefox code, but also includes proxy code that encrypts and anonymizes users’ sessions as they move about the Internet. Word of the exploit was first posted to a Tor mailing list late Tuesday with the warning “This is an JavaScript exploit actively used against TorBrowser NOW.”Įarly Wednesday, Tor cofounder Roger Dingledine confirmed the reports and said the Mozilla Foundation was working to patch the vulnerability. The Tor Project said the update released late Wednesday included an “important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2).” NoScript for Firefox is an open-source add-on that pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust. A restart is required for it to take effect.” “Thus we strongly recommend that all users apply the update to their Tor Browser immediately. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well,” the Tor Project said in its announcement. “The security flaw responsible for this urgent release is already actively exploited on Windows systems. Update The Tor Project has provided a browser update that patches a zero-day vulnerability being exploited in the wild to de-anonymize Tor users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |