‘Bug lets attacker run JavaScript in Tor Browser 7 despite NoScript’

Spread the love

Zerodium, a company active as a vulnerability dealer, has warned of a vulnerability in version 7.x of the Tor Browser, which allows JavaScript to run even though the browser is set to block it. NoScript got an update.

Levels in Tor Browser

The company describes the vulnerability in a tweet and reports that “Tor Browser 7.x contains a serious vulnerability that allows bypassing the most secure level of the browser and NoScript.” That is an extension that blocks scripts on web pages by default, where users can apply a whitelist. The Tor Browser allows for different levels of security, with ‘safest’ also blocking JavaScript on all sites. It is unclear whether the company has contacted the Tor Project to report the leak. The organization has not yet responded to the publication.

According to Zerodium, it is possible to exploit the vulnerability by changing the content-type header on a page to: text/html;/json. Therefore, it seems required for an attacker to lure a victim to a malicious page under his control. Security researcher x0rz has tested this proof-of-concept and says it’s easy to apply. He publishes a video on Twitter to support his claim. The corresponding code is on GitHub. He recommends that users update to the recently released Tor Browser 8. It wouldn’t be vulnerable. NoScript Classic has since implemented a patch, to version number 5.1.8.7.

You might also like