Beyond that, there are other vectors for potential attack, including JavaScript, css, svg, xml, the renderer, and more. Users are also urged to stay updated moving forward because this isn’t the first Firefox vulnerability and it won’t be the last. The vulnerability itself was fixed in Firefox 17.0.7, which means that Tor versions 2.3.25-10, 2.4.15-alpha-1, 2.4.15-beta-1, and 3.0alpha2 are all safe. Users are also advised to make sure they are running a recent enough version of the Tor Browser. “Really, switching away from Windows is probably a good security move for many reasons.” The advisory lays out a list of actions users should take to protect themselves and their anonymity in the future, concluding with the Tor Project’s Roger Dingledine writing: Tor Browser Bundle users on Linux, OS X, and LiveCD systems like Tails were never at risk of exploit. The vulnerability is a cross-platform threat, but the exploit in this case was Windows-specific. According to the advisory, the attack exploited a Firefox JavaScript vulnerability that has already been resolved. The Tor Project security advisory was a response to revelations on Sunday that an attack had targeted users of the Tor Browser. In a critical security advisory issued over the weekend, the Tor Project told its users that they should seriously consider migrating away from Microsoft’s Windows operating system and disabling JavaScript.
0 kommentar(er)
