Bug lets attacker run JavaScript in Tor Browser 7 despite NoScript

Sep 10, 2018

Zerodium, a company that operates as a vulnerability broker, warns of a vulnerability in version 7.x of the Tor Browser that makes it possible to execute JavaScript even though the browser is set to block it. NoScript has received an update.

[Image: security levels in Tor Browser]
The company describes the vulnerability in a tweet and reports that “Tor Browser 7.x contains a serious vulnerability that makes it possible to circumvent the safest level of the browser and NoScript.” NoScript is an extension that blocks scripts on web pages by default and lets users maintain a whitelist. The Tor Browser offers several security levels, of which ‘safest’ also blocks JavaScript on all sites. It is unclear whether the company contacted the Tor Project to report the vulnerability. The organization has not yet responded to the publication.

According to Zerodium, the vulnerability can be abused by setting the Content-Type header of a page to: text/html;/json. It therefore appears that an attacker would have to lure a victim to a malicious page under his control. Security researcher x0rz has tested this proof of concept and says that it is easy to apply. He published a video on Twitter to support his claim, and the corresponding code is on GitHub. He advises users to update to the recently released Tor Browser 8, which is reportedly not vulnerable. NoScript Classic has now received a patch in version 5.1.8.7.
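
Read against the HTTP media-type grammar, the header value quoted above is a well-formed text/html type followed by a parameter that is not in name=value form. The following is an added example, not code from the article, Zerodium or NoScript: it parses the header strictly and compares the result with a hypothetical substring check (looseIsJson, assumed here purely for illustration) to flag values that two parsers would classify differently. All function names and the sample headers other than the quoted one are constructed.

```javascript
// Added example: strict Content-Type handling for a script-blocking decision.
// RFC 9110 grammar: type "/" subtype *( ";" name "=" value ), names are tokens.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Split a header into its essence ("type/subtype", lowercased, or null when
// unparseable) and the list of parameters that are not well-formed name=value.
// Simplification: quoted values containing ";" are not handled.
function parseContentType(header) {
  const [head, ...params] = String(header).split(";");
  const [type = "", subtype = "", ...extra] = head.trim().split("/");
  const ok = extra.length === 0 && TOKEN.test(type) && TOKEN.test(subtype);
  const malformed = params.map((p) => p.trim()).filter((p) => {
    if (p === "") return false; // a trailing ";" is tolerated
    const eq = p.indexOf("=");
    return eq <= 0 || !TOKEN.test(p.slice(0, eq));
  });
  return { essence: ok ? `${type}/${subtype}`.toLowerCase() : null, malformed };
}

// Hypothetical loose check (an assumption for illustration, not NoScript's code):
// treats a response as JSON data if "json" appears anywhere in the raw header.
function looseIsJson(header) {
  return /json/i.test(String(header));
}

// Strict check: only the essence decides; unparseable headers are never exempt.
function strictIsJson(header) {
  const { essence } = parseContentType(header);
  return essence !== null && /^(application|text)\/(.+\+)?json$/.test(essence);
}

// Flag headers with malformed parameters or where the two checks disagree.
function audit(header) {
  const { essence, malformed } = parseContentType(header);
  const suspicious = malformed.length > 0 || looseIsJson(header) !== strictIsJson(header);
  return { header, essence, malformed, suspicious };
}

// Constructed samples; the third value is the one quoted in the article.
const SAMPLES = [
  "text/html; charset=utf-8",
  "application/json",
  "text/html;/json",
  "application/vnd.api+json; charset=utf-8",
];
for (const r of SAMPLES.map(audit)) {
  console.log(r.suspicious ? "FLAG" : "ok  ", r.header, "->", r.essence);
}
```

The same audit function can be run over Content-Type values exported from proxy or web server logs to find responses that a strict and a lenient parser would treat differently.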
