Zerodium Publishes Exploit for Tor Browser

Delaware, USA – September 12, 2018 — Zerodium revealed via Twitter a severe vulnerability in Tor anonymous browser, which existed since May 2017 and affected version 7 of the browser. In fact, the vulnerability was found in the popular NoScript extension for Firefox designed to protect users against malicious scripts while surfing, and which is part of the Tor browser by default. With the help of the published exploit, attackers can bypass NoScript protection and run JavaScript even if the highest level of security is enabled. Zerodium is a security vulnerabilities broker, they disclosed information about this vulnerability as in the recently released 8 version of the Tor browser this vulnerability does not work, but it is unknown who and for what purposes used this vulnerability since its discovery. NoScript developer released the update of the extension for users of Firefox 52 ESR.

Tor usage violates many Compliance requirements such as PCI DSS, SOX, HIPAA and security policies, but it can still be used internally. This network uses encrypted communication, and security solutions can’t timely respond to attempts of insider attacks and data exfiltration. The published exploit testifies that organizations were subject to additional risk of APT attacks for many months. Uncovering vulnerable assets and systems with Tor browser installed is possible with SIEM tool and DetectTor rule pack, which finds any Tor related connections, determines risk priority, identifies the threat behind and automatically alerts security professionals on such behavior: https://my.socprime.com/en/integrations/detecttor-arcsight