Mozilla Firefox and Thunderbird is vulnerable to authorization bypass. The proxy settings can be bypassed by using the automount
feature with autofs
to create a mount point on the local file system. Content can be loaded from this mounted file system directly using a file:
URI, bypassing configured proxy settings.
www.securityfocus.com/bid/101665
www.securitytracker.com/id/1041610
access.redhat.com/errata/RHSA-2018:2692
access.redhat.com/errata/RHSA-2018:2693
access.redhat.com/errata/RHSA-2018:3403
access.redhat.com/errata/RHSA-2018:3458
access.redhat.com/security/updates/classification/#critical
blog.torproject.org/tor-browser-709-released
bugzilla.mozilla.org/show_bug.cgi?id=1412081
lists.debian.org/debian-lts-announce/2018/11/msg00011.html
security.gentoo.org/glsa/201810-01
security.gentoo.org/glsa/201811-13
trac.torproject.org/projects/tor/ticket/24052
www.bleepingcomputer.com/news/security/tormoil-vulnerability-leaks-real-ip-address-from-tor-browser-users/
www.debian.org/security/2018/dsa-4327
www.mozilla.org/en-US/security/advisories/mfsa2018-20/
www.wearesegment.com/research/tormoil-torbrowser-unspecified-critical-security-vulnerability/