Tor(ched): Zerodium drops exploit for version 7 of anonymous browser

Bug broker Zerodium has released word of a flaw in the Tor browser that would potentially allow an attack site to bypass security protections and execute malicious code in the supposedly secure internet system.

The flaw was disclosed in a Zerodium tweet on Monday morning that provides some detail on the nature of the flaw.

Advisory: Tor Browser 7.x has a serious vuln/bugdoor leading to full bypass of Tor / NoScript ‘Safest’ security level (supposed to block all JS).
PoC: Set the Content-Type of your html/js page to “text/html;/json” and enjoy full JS pwnage. Newly released Tor 8.x is Not affected.

— Zerodium (@Zerodium) September 10, 2018

Also posted was a proof of concept script showing the exploit in action.

Very easy to reproduce the Zerodium Tor Browser 7.x NoScript bypass vulnerability #TorBrowser #vulnerability

— x0rz (@x0rz) September 10, 2018

As Zerodium notes in its disclosure, the vulnerability is active even when the user is running the browser with NoScript, a JavaScript-blocking extension that is included with the Tor browser (but is not set to active by default). This means that even when running a fully-patched version of Tor 7.x with maximum security settings, an attacker would be able to get malicious scripts up and running on the targeted machine.
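As an added example (not from the article, Zerodium or the Tor Project), here is a defender-side check that parses `Content-Type` values against the RFC 9110 media-type grammar and flags any whose parameter section is not in `name=value` form, which is the shape of the value quoted in the advisory. The function names and the sample responses are constructed for illustration.

```python
import re

# RFC 9110 "token" characters: used for type, subtype and parameter names.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
MEDIA_TYPE = re.compile(rf"^({TOKEN})/({TOKEN})$")
# parameter = token "=" ( token / quoted-string )
PARAMETER = re.compile(rf'^({TOKEN})=(?:{TOKEN}|"(?:[^"\\]|\\.)*")$')

# Constructed sample of (url, Content-Type) pairs, e.g. taken from proxy logs.
SAMPLE = [
    ("https://site-a.example/", "text/html; charset=utf-8"),
    ("https://site-b.example/page", "text/html;/json"),
    ("https://site-c.example/doc", 'text/plain; title="a;b"'),
]

def split_params(value):
    """Split a header value on ';' while respecting quoted-strings."""
    parts, current, in_quotes, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and in_quotes:
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            parts.append("".join(current))
            current = []
            continue
        current.append(ch)
    parts.append("".join(current))
    return parts

def check_content_type(value):
    """Return a list of grammar problems; an empty list means well-formed."""
    parts = split_params(value)
    problems = []
    essence = parts[0].strip()
    if not MEDIA_TYPE.match(essence):
        problems.append(f"malformed media type: {essence!r}")
    for raw in parts[1:]:
        param = raw.strip()
        # Empty parameters (a stray ';') are permitted by RFC 9110.
        if param and not PARAMETER.match(param):
            problems.append(f"malformed parameter: {param!r}")
    return problems

def flag_responses(responses):
    """Return (url, content_type, problems) for every malformed header."""
    return [(u, ct, p) for u, ct in responses if (p := check_content_type(ct))]
```
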

Fortunately, last week’s release of Tor browser 8.0 is not subject to the security bypass vulnerability, so getting rid of the flaw is as simple as grabbing the latest version of the software.

Unfortunately, that likely was not the case for much of the time this vulnerability was known of, and sold by the bug-hunting biz.

Zerodium, which counts government organizations among the subscribers to the research feed where it discloses purchased bugs, has reportedly made word of the flaw known for “months” prior to Monday’s disclosure. This means that some government organizations could potentially have had the ability to get code onto a fully-patched version of the Tor browser for weeks now.

The company did not respond to a Register request for comment on the matter. ®
