Vulners
Lucene search
Tor Browser 7.0.8 IP Address Leak Vulnerability
Title: TorMoil: TorBrowser unspecified critical security vulnerability
Product: Tor Browser
Version: 7.0.8 and probably prior
Vendor: torproject.org
Vulnerability type: Unspecified
Risk level: 5 / 5
Credit: Filippo Cavallarin - wearesegment.com
CVE: N / A
Details
TorBrowser version 7.0.8, and probably prior,for Mac OS X and Linux, is affected
by a critical security issue. According to the Tor Project, further details will
be released in the near future.
Due to a Firefox bug in handling file:// URLs it is possible on both systems that
users leak their IP address. Once an affected user navigates to a specially crafted
web page, the operating system may directly connect to the remote host,
bypassing Tor Browser.
Users are strongly advised to keep their TorBrowser updated.
We named this vulnerability TorMoil.
Solution
Update TorBrowser to version 7.0.9
References
https://www.torproject.org/
https://www.wearesegment.com/research/tormoil-torbrowser-unspecified-critical-security-vulnerability/
https://www.wearesegment.com/news/the-tormoil-bug-torbrowser-critical-security-vulnerability/
# 0day.today [2018-01-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Nov 2017 00:00Current
6.9Medium risk
Vulners AI Score6.9