| Advisory ID: | SGMA17-003 |
| Title: | TorMoil: TorBrowser unspecified critical security vulnerability |
| Product: | Tor Browser |
| Version: | 7.0.8 and probably prior |
| Vendor: | torproject.org |
| Vulnerability type: | Unspecified |
| Risk level: | 5 / 5 |
| Credit: | Filippo Cavallarin - wearesegment.com |
| CVE: | CVE-2017-16541 |
| Vendor notification: | 10-26-2017 |
| Vendor Fix: | 11-03-2017 |
| Public disclosure: | 11-03-2017 |
Details
TorBrowser version 7.0.8, and probably prior,for Mac OS X and Linux, is affected by a critical security issue. According to the Tor Project, further details will be released in the near future.
Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser.
Users are strongly advised to keep their TorBrowser updated.
We named this vulnerability TorMoil.
Update 2018-09-10
See https://www.wearesegment.com/research/tormoil-deanonymize-tor-browser-users-with-automount/