Zerodium, the company which buys and sells vulnerabilities in software has publicly revealed a critical zero-day flaw in the Firefox based browser, Tor Browser which could reveal your identity to the sites you visit.
Zerodium tweeted by sharing a zero-day vulnerability that exists in the NoScript browser plugin which comes pre-installed with the Mozilla Firefox bundled in the Tor software.
The zero-day affects only the Tor Browser 7.x series. The latest version of Tor browser, Tor 8.0, which was released recently is not vulnerable to this flaw, as the NoScript plugin designed for the newer version of Firefox (“Quantum”) is based upon a different API format.
The Tor 7.x users are strongly advised to immediately update their browser to the latest Tor 8.0 release.
NoScript has also fixed the zero-day flaw with the release of NoScript “Classic” version 220.127.116.11.