Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites you visit.
In a tweet, Zerodium shared a zero-day vulnerability that resides in the NoScript browser plugin, which comes pre-installed with the Mozilla Firefox bundled in the Tor software.
It should be noted that the latest version of Tor browser, i.e., Tor 8.0, is not vulnerable to this flaw, as the NoScript plugin designed for the newer version of Firefox (“Quantum”) is based upon a different API format.
Therefore, Tor 7.x users are highly recommended to immediately update their browser to the latest Tor 8.0 release.
NoScript has also fixed the zero-day flaw with the release of NoScript “Classic” version 220.127.116.11.