09-12-2018, 10:58 AM
In The Name OF Allah
Al-Salam Alekum
![[Image: 5eac4cd9-53af-4ffa-b651-543810c25dac.jpg]](https://assets.infosecurity-magazine.com/webpage/feat/5eac4cd9-53af-4ffa-b651-543810c25dac.jpg)
Quote:While the latest version of the Tor browser is unaffected, Zerodium today issued an advisory via Twitter of a zero-day vulnerability in the Tor browser 7.x.https://www.infosecurity-magazine.com/ne...overed-in/
According to Zerodium, who buys and sells vulnerabilities in software, the browser is reported to have a serious vulnerability – a backdoor that leads to full bypass of Tor’s security protections. The NoScript browser extension is supposed to block all JavaScript at the “safest” security level, but the backdoor enables an attacker to execute malicious code even if the blocking extension is activated.
It had been reproduced by @x0rz: https://gist.github.com/x0rz/8198e8e22b1...5c1232b795
Wa Salam Alekum