Advisory: Tor Browser 7.x has a serious vuln/bugdoor leading to full bypass of Tor / NoScript 'Safest' security level (supposed to block all JS).
PoC: Set the Content-Type of your html/js page to "text/html;/json" and enjoy full JS pwnage. Newly released Tor 8.x is Not affected.— Zerodium (@Zerodium) September 10, 2018
Больше деталей на английском тут
https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/
на русском тут
https://www.securitylab.ru/news/495545.php
Уязвимость исправлена в версии 5.1.8.7
Discover more from alexmak.net
Subscribe to get the latest posts sent to your email.