+- Red Security (https://redsecurity.info/cc)
+-- Forum: General (https://redsecurity.info/cc/forumdisplay.php?fid=1)
+--- Forum: News (https://redsecurity.info/cc/forumdisplay.php?fid=4)
+--- Thread: News Zero-Day Vulnerability Discovered in Tor Browser 7.x (/showthread.php?tid=745)
Zero-Day Vulnerability Discovered in Tor Browser 7.x - Mr.Kurd - 09-12-2018
In The Name OF Allah
Al-Salam Alekum
![[Image: 5eac4cd9-53af-4ffa-b651-543810c25dac.jpg]](https://assets.infosecurity-magazine.com/webpage/feat/5eac4cd9-53af-4ffa-b651-543810c25dac.jpg)
Quote:While the latest version of the Tor browser is unaffected, Zerodium today issued an advisory via Twitter of a zero-day vulnerability in the Tor browser 7.x.https://www.infosecurity-magazine.com/news/0day-vulnerability-discovered-in/
According to Zerodium, who buys and sells vulnerabilities in software, the browser is reported to have a serious vulnerability – a backdoor that leads to full bypass of Tor’s security protections. The NoScript browser extension is supposed to block all JavaScript at the “safest” security level, but the backdoor enables an attacker to execute malicious code even if the blocking extension is activated.
It had been reproduced by @x0rz: https://gist.github.com/x0rz/8198e8e22b1f70fddb9c815c1232b795
Wa Salam Alekum