CVE-2016-3180

2017-02-07T12:59:00
ID CVE-2016-3180
Type cve
Reporter NVD
Modified 2017-02-28T14:22:12

Description

Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature.