Computer Hope

Software => BSD, Linux, and Unix => Topic started by: Salmon Trout on November 04, 2017, 04:11:11 AM

Title: Tor Browser vulnerability Nov 3 2017 (Mac & Linux)
Post by: Salmon Trout on November 04, 2017, 04:11:11 AM

Slashdot says:

https://it.slashdot.org/story/17/11/03/2127235/tormoil-vulnerability-leaks-real-ip-address-from-tor-browser-users-security-update-released?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Quote

The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses. The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking. Cavallarin privately reported the issue -- which he codenamed TorMoil -- to the Tor Project last week. Tor Project developers worked with the Firefox team (Tor Browser is based on the Firefox browser) to release a fix. Today, the Tor team released version 7.0.9 to address the vulnerability. Tor Browser 7.0.9 is only available for Mac and Linux users. Tor Browser on Windows is not affected.

The issue is actually a Firefox bug in the way the browser handles file:// URLs. While the issue is harmless in Firefox, it's catastrophic in the Tor Browser.

So get updated to 7.0.9.