In browser Tor, the vulnerability opening IP addresses of users is eliminated.
The vulnerability which has received name TorMoil, the head of Italian company We Are Segment Filippo Cavallarin has found out. In a blog of the company the expert explains that the found out problem, actually, is a bug in Firefox on which browser Tor is based.
Vulnerability is connected with how the browser processes URL a kind file://. But if for Firefox the bug is almost harmless, for users Tor of a consequence can be catastrophic.
«When the user of vulnerable browser Tor gets on specially created web page, [because of a bug] the operating system can incorporate directly to a remote host, bypassing browser Tor», - explains Cavallarin. That is Tor Browser not begins to involve relays Tor and by that will open the present IP address of the user.
To vulnerability are subject Tor Browser for Mac and Linux (except for Tails OS), but developers Tor Project assure that the given problem is not maintained yet by malefactors. However, also developers recognise that the skilful expert with ease can adjust the left correction and to create exploits for fresh vulnerability.
Left in the end of last week Tor Browser 7.0.9 which is recommended to be established as soon as possible, has received only time correction for the above described bug so URL file:// can temporarily work with failures.
