Zerodium, an exploit vendor, highlights Tor 7.x vulnerability; upgrade now

Zerodium, an exploit vendor that buys and sells software exploits, has announced on Twitter that Tor 7.x isn’t safe: a bug can bypass a user’s security level choice, effectively exposing every Tor 7.x installation to JavaScript exploits. Apparently, the exploit affects only Tor 7.x and the latest Tor 8.0 release is unaffected, so you should update immediately.

Several releases ago, the Tor project added a security slider to make browsing sessions more secure by disabling several features, including JavaScript. The slider interacts with NoScript to disable things like JavaScript.

Advisory: Tor Browser 7.x has a serious vuln/bugdoor leading to full bypass of Tor / NoScript "Safest" security level (supposed to block all JS).
PoC: Set the Content-Type of your html/js page to "text/html;/json" and enjoy full JS pwnage. Newly released Tor 8.x is Not affected.

— Zerodium (@Zerodium) September 10, 2018

The exploit revealed by Zerodium bypasses the script blocking in NoScript, which causes JavaScript to run in a user’s Tor Browser installation, potentially unmasking them. The exploit no longer works with Tor Browser 8.0 because that release is based on Firefox Quantum. With Firefox Quantum, many browser extensions, including NoScript, had to refactor their code to continue working in the browser, and those changes subsequently broke the exploit.
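The header value quoted in the advisory is not a well-formed media type under the RFC 7231 grammar, so a strict validator run over logged response headers flags it. The following is an added example, not code from the article, Zerodium or NoScript; the sample URLs and headers are constructed, and it makes no claim about how NoScript itself parsed the value.

```python
import re

# Grammar from RFC 7231 section 3.1.1.1:
#   media-type = type "/" subtype *( OWS ";" OWS parameter )
#   parameter  = token "=" ( token / quoted-string )
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
MEDIA_TYPE = re.compile(rf"{TOKEN}/{TOKEN}")
SEPARATOR = re.compile(r"[ \t]*;[ \t]*")
PARAMETER = re.compile(rf"{TOKEN}=(?:{TOKEN}|{QUOTED})")


def check_content_type(value):
    """Return (essence, problems) for one Content-Type header value."""
    value = value.strip()
    head = MEDIA_TYPE.match(value)
    if not head:
        return None, [f"malformed type/subtype: {value!r}"]
    pos, problems = head.end(), []
    while pos < len(value):
        sep = SEPARATOR.match(value, pos)
        param = PARAMETER.match(value, sep.end()) if sep else None
        if not param:
            problems.append(f"malformed parameters: {value[pos:]!r}")
            break
        pos = param.end()
    return head.group(0).lower(), problems


# Constructed sample of logged (URL, Content-Type) pairs; hostnames are placeholders.
SAMPLE_RESPONSES = [
    ("http://site-a.example/", "text/html; charset=utf-8"),
    ("http://site-b.example/app.js", "application/javascript"),
    ("http://site-c.example/page", "text/html;/json"),  # value quoted in the advisory
    ("http://site-d.example/api", 'application/json; profile="a;b"'),
]


def flag_malformed(responses):
    """Return (url, essence, problem) for every header that fails the grammar."""
    flagged = []
    for url, header in responses:
        essence, problems = check_content_type(header)
        flagged.extend((url, essence, p) for p in problems)
    return flagged


if __name__ == "__main__":
    for url, essence, problem in flag_malformed(SAMPLE_RESPONSES):
        print(f"{url}: parsed as {essence}, {problem}")
```

Only the constructed `site-c.example` entry is reported: its type and subtype parse as `text/html`, but what follows the semicolon is not a `name=value` parameter.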

After being alerted to the vulnerability earlier today, the maintainer of NoScript quickly pushed an update for the Classic version of the extension in order to protect against the vulnerability.

Zerodium CEO Chaouki Bekrar has also confirmed that the firm purchased the exploit many months ago as a zero-day and has shared it with government customers. The exploit has only now been made public because it has reached end-of-life and doesn’t affect the newest Tor Browser. The firm also wanted to highlight the lack, or insufficient amount, of auditing of the major components bundled by default in the browser.

While Tor does offer more security and privacy than ordinary browsers, today’s exploit highlights that there’s still work to be done in order to protect users.

Via ZDNet
