When we talk about the ways to browse safely online, an option which strikes our minds right after VPN is TOR. Certainly, the TOR browser tops up all the secure browsers that allow you to surf the internet with safety and anonymity. However, like everything else, you cannot rule out the probabilities of bugs in this browser. Recently, a cybersecurity firm Zerodium has found out a TOR browser zero day that compromises its JS blocking feature.
Zerodium Discovered TOR Browser Zero Day Flaw
As revealed by ZDNet, the cybersecurity firm Zerodium has put up a short advisory in its recent tweet regarding a TOR flaw. They have discovered a TOR browser zero day vulnerability that compromises one of the TOR security features. As disclosed in the tweet, the bug allows bypassing the TOR’s ‘NoScript’ JS blocking feature.
While they haven’t given any detailed proof-of-concept for this vulnerability, they have explained it briefly in their tweet.
The bug reported by Zerodium affects this particular TOR feature, allowing anyone to run malicious codes in the browser by simply bypassing the NoScript.
The Bug Was Patched Quickly
After noticing the tweet, ZDNet quickly approached Giorgio Maone who authored NoScript extension. Maone, in turn, stepped up to find the causes of this TOR browser zero day, and worked out to patch the flaw. Regarding the reason triggering this vulnerability, he explained that the bug was actually a “NoScript 5 “Classic” bug” that did not affect the TOR Browser 8 and NoScript 10 Quantum.