Tor Browser Zero-Day Vulnerability Revealed: Patch Immediately!

Zerodium recently reported the discovery of a new zero-day exploit in Tor Browser. Earlier this year, the same exploit vendor offered $1 million for such an exploit against Tor Browser. The new Tor zero-day could reveal the identity of the websites visited by the user.

Zerodium Reveals Tor Browser Zero-Day in a Tweet

The exploit vendor reported the flaw and gave instructions on how it can be reproduced in a tweet posted on Monday. It appears that the recently released Tor Browser 8 is not affected by the zero-day:

Advisory: Tor Browser 7.x has a serious vuln/bugdoor leading to full bypass of Tor / NoScript ‘Safest’ security level (supposed to block all JS). PoC: Set the Content-Type of your html/js page to “text/html;/json” and enjoy full JS pwnage. Newly released Tor 8.x is not affected.

As the tweet shows, the exploit is presented as a vulnerability in the Tor Browser, but the flaw is actually in NoScript. NoScript is a well-known Firefox extension that guards users against malicious scripts by allowing JavaScript, Java, and Flash plugins to be executed only on trusted websites. Because the Tor Browser is based on Firefox’s code, it includes NoScript by default.

Zerodium says that NoScript versions 5.0.4 to can be bypassed to run any JS file by altering its content-type header to JSON format. This can happen even when the “Safest” security level is enabled. This means that a website can take advantage of this zero-day to execute malicious JavaScript in the Tor Browser and obtain the real IP address of the victim.
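As an added illustration (not code from NoScript, the Tor Browser, or Zerodium), the JavaScript below contrasts a lenient Content-Type check with a strict parser that fails closed on the header value quoted in the advisory. The function names and the lenient check are hypothetical; the article does not show NoScript's actual logic.

```javascript
// Added example: strict vs. lenient Content-Type classification.
// looseIsJson is a hypothetical flawed check, not NoScript's actual code.

const TOKEN = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/; // RFC 7230 token characters

// Flawed: treats any header mentioning "/json" as a JSON (non-script) document.
function looseIsJson(contentType) {
  return /\/json\b/i.test(contentType);
}

// Strict: split the media type from its parameters and validate each piece.
// Returns { type, params } or null when the header is malformed.
function parseContentType(contentType) {
  const parts = String(contentType).split(";").map((p) => p.trim());
  const [type, subtype, ...rest] = parts[0].split("/");
  if (rest.length || !TOKEN.test(type || "") || !TOKEN.test(subtype || "")) {
    return null;
  }
  const params = Object.create(null);
  for (const p of parts.slice(1)) {
    if (p === "") continue; // tolerate a trailing ";"
    const eq = p.indexOf("=");
    const name = eq > 0 ? p.slice(0, eq).trim() : "";
    if (!TOKEN.test(name)) return null; // "/json" has no name=value form
    params[name.toLowerCase()] = p.slice(eq + 1).trim().replace(/^"|"$/g, "");
  }
  return { type: `${type}/${subtype}`.toLowerCase(), params };
}

// Policy decision a script blocker could make: fail closed on malformed headers.
function classify(contentType) {
  const parsed = parseContentType(contentType);
  if (parsed === null) return "malformed-block";
  if (parsed.type === "application/json" || parsed.type.endsWith("+json")) {
    return "json";
  }
  if (parsed.type === "text/html" || parsed.type === "application/xhtml+xml") {
    return "html-apply-script-policy";
  }
  return "other";
}

// Constructed sample headers, including the value quoted in the advisory.
const samples = ["text/html; charset=utf-8", "application/json", "text/html;/json"];
for (const h of samples) {
  console.log(JSON.stringify(h), "loose:", looseIsJson(h), "strict:", classify(h));
}
```

The lenient check reports the advisory's header as JSON, while the strict parser rejects it because `/json` is not a valid `name=value` parameter.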

Fortunately, the latest version of Tor is not affected by this vulnerability, simply because the NoScript plugin for the Quantum version of Firefox is based upon a different (Read more…)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: