A critical Tor Browser vulnerability that could transmit their real IP addresses to possible attackers when they visit certain types of web pages.
Discovered by Italian security researcher Filippo Cavallarin, the tor browser vulnerability lies in Firefox that also affects the Tor browser, because the privacy service that allows users to browse the web anonymously uses FireFox in its base.
Nicknamed by the researcher as TorMoil, the tor browser vulnerability that affects Tor browser for macOS and Linux and not for Windows, but take into account the security and privacy of Tor users, the details of this defect have not yet been publicly disclosed.
Cavallarin, CEO of security company We Are Segment, privately reported the security vulnerability to Tor developers on Thursday (October 26), and developers of Tor have deployed an emergency version Tor version 7.0.8.
According to a small blog post published on Tuesday by We Are Segment, the TorMoil vulnerability is due to a Firefox problem in “file management: // URLs”.
TorMoil is activated when users click on links that start with file: // addresses, instead of the more common https: // and HTTP: // addresses.
“Due to a Firefox error in the processing of files: // URL, in both systems it is possible for users to flee from their IP address,” says the blog.
“Once an assigned user [running a macOS or Linux system] accesses a specially designed web page, the operating system can connect directly to the remote host, ignoring the Tor browser.”
The Tor project has currently launched a temporary solution to prevent the leakage of real IP.
Therefore, macOS and Linux users may find that the updated Tor anonymity browser versions do not behave correctly when they navigate to the file: // addresses until they are permanently resolved.
“The patch that we have implemented is only a solution that stops the leak: due to this browser file: // the browser URLs may not work as expected, especially when entering the URL file: // in the URL bar and clicking on The links are broken, “said the Tor project in an article published on Friday.
“Opening them in a new tab or window does not work either, an alternative solution for these problems is to drag the link to the URL bar or tab, follow this tracking regression in error 24136.”
According to the Tor project, users of the Windows versions of Tor, Tails and sandboxed-tor-browser in alpha are not affected.
The Tor project also indicated that there is no evidence that the TorMoil vulnerability has been actively exploited by hackers to obtain the IP addresses of Tor users.
However, the lack of evidence does not prove that the error has not been exploited by expert attackers and hackers, given the strong demand of Tor in the market, where Zerodium is willing to pay $ 1 million for its exploitation.
In order to protect the privacy of its users, Tor Project recently announced the launch of Tor 0.3.2.1-alpha, which includes support for next-generation onion services, with the integration of a new advanced and enhanced global authentication encryption in your web server.