
Tor Warns of Firefox Bug That Threatens User Privacy


tezza


The developers at the Tor Project are warning users about a serious flaw in Firefox that's included in the latest version of the Tor Browser Bundle that could enable an attacker to gather information about the servers a victim is using, poking a hole in the privacy and anonymity that Tor is designed to provide.

The problem lies in the way that Firefox makes DNS requests. When a user is using Tor, the browser should make DNS requests through the software's anonymity network and not through the regular Internet. However, Firefox does the opposite when users also have WebSockets enabled in the browser.

"A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do. This bug is present in current Tor Browser Bundles (2.2.35-9 on Windows; 2.2.35-10 on MacOS and Linux)," Tor said in its advisory to users.

The Tor Project is working on a fix for the vulnerability, but there isn't one available yet. The Tor developers recommend that users in the interim go in and disable WebSockets altogether. You can do that through these steps, Tor said:

  • Type “about:config” (without the quotes) into the Firefox URL bar. Press Enter.
  • Type “websocket” (again, without the quotes) into the search bar that appears below "about:config".
  • Double-click on “network.websocket.enabled”. That line should now show “false” in the ‘Value’ column.
https://threatpost.c...-privacy-050312
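To confirm that the workaround in the post above actually took effect, the preference can be checked in the profile's stored settings. The following Python sketch is an added example, not part of the original post or the Tor advisory; the sample file contents are constructed, and treating a missing preference as "WebSockets still enabled" is an assumption based on the steps above.

```python
import re

PREF = "network.websocket.enabled"  # preference named in the steps above

# One line of a Firefox prefs.js / user.js file looks like:
#   user_pref("network.websocket.enabled", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for each user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]      # string pref, kept as a string
        else:
            prefs[name] = raw            # integer or other literal, unparsed
    return prefs


def websockets_disabled(prefs_js="", user_js=""):
    """True only when the effective value is the boolean false.

    user.js is applied on top of prefs.js at startup, so it takes precedence.
    Assumption: a missing pref means WebSockets are still enabled.
    """
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))
    return effective.get(PREF, True) is False


# Constructed sample file contents (not taken from a real profile).
SAMPLE_FIXED = '// Mozilla User Preferences\nuser_pref("network.websocket.enabled", false);\n'
SAMPLE_UNSET = 'user_pref("browser.startup.page", 0);\n'
SAMPLE_OVERRIDE = 'user_pref("network.websocket.enabled", true);\n'

if __name__ == "__main__":
    print("fixed profile:     ", websockets_disabled(SAMPLE_FIXED))
    print("untouched profile: ", websockets_disabled(SAMPLE_UNSET))
    print("user.js re-enables:", websockets_disabled(SAMPLE_FIXED, SAMPLE_OVERRIDE))
```

To check a real profile, pass the text of its `prefs.js` (and `user.js`, if present) to `websockets_disabled`. A quoted `"false"` is a string rather than the boolean and is reported as not disabled.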


Slight modification: just search for the exact phrase instead, like so:

Type “network.websocket.enabled” (again, without the quotes) into the search bar that appears below "about:config".


The new update brings "tor browser", a modded version of Firefox. Dunno if it's just a name and logo change or there is more under the hood?
