
Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox


steven36

Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version.

 


 

When starting Tor Browser, it should alert you if a new version is available. If you would like to perform a manual check, you can do so by going to Tor Browser menu -> Help -> About Tor Browser.

 

 

 


 

Unfortunately, like the previous release, the Android version of Tor Browser 8.5.3 will not be available until the weekend, as the part of the Tor team that handles the Android signing token is away at an event.

Tor Browser 8.5.3 can be downloaded from the Tor Browser download page and from the distribution directory.

 

The full changelog for Tor Browser 8.5.3 is:

 

Tor Browser 8.5.3 -- June 21 2019
 * All platforms
   * Pick up fix for Mozilla's bug 1560192

 

Sandbox Escape vulnerability fixed

This week it was discovered that two Firefox zero-day vulnerabilities were used as part of targeted attacks against cryptocurrency firms. The two vulnerabilities used in the attack are a remote code execution vulnerability chained with a sandbox escape vulnerability.

 

Yesterday, the Tor Project released Tor Browser 8.5.2 to fix the RCE vulnerability, and today's release of 8.5.3 fixes the Sandbox Escape vulnerability in the bundled Firefox browser.

"This release includes an important security update in Firefox, a sandbox escape bug, which combined with additional vulnerabilities could result in executing arbitrary code on the user's computer."

When these two vulnerabilities were chained together, the attackers were able to download and install information-stealing Trojans on a victim's computer, as well as gain remote access to the computer's network.

 

Due to this, it is imperative that users install this update immediately.

 

Source

 
