Tor Browser 8.5.2 released to fix critical Firefox vulnerability


A new version of the Tor Browser, v.8.5.2, was released by the Tor Project which patches a critical vulnerability found in Mozilla Firefox that is being actively exploited in the wild. The update is available on Tor’s download page and distribution directory.

As per the Tor Browser 8.5.2 release notes, the latest version of the Tor browser includes a fix for CVE-2019-11707 which is a critical type confusion vulnerability caused by errors in the Array.pop component of Firefox. These can lead to browser crashes on successful exploitation.

The security researcher with Google Project Zero and Coinbase Security, Samuel Groß, has found the vulnerability which could be used for the remote execution of code combined with a sandbox escape caveat as well as cross-site scripting (XSS) attacks.

However, users of the safer and safest security levels in Tor are not affected by the flaw.

Besides resolving this serious security issue, the Tor Project has also updated NoScript to 10.6.3 to patch several issues including browser freezes and the accidental blockage of MP4 videos.

A delay in accessing Tor’s Android token means that the Android 8.5.2 version of the Tor Browser has not yet been released and is not expected to be available by the weekend. The mobile version of Tor will receive the patch now but it is recommended that Android users shift over to safe or safest security levels in order to reduce the risk of the active exploit.

To do this, the Android users must navigate to the menu on the right of the URL bar and then select the “Security Settings.”

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    New All-in-One Plurox Malware infects computers in different ways

    Previous article

    Free GandCrab Ransomware Decryption Tool

    Next article

    You may also like

    More in Protect


    Leave a reply

    Your email address will not be published. Required fields are marked *