Tor Browser 6.0.5
Tor Browser 6.0.5 is now available for download. The latest release of the Tor dark web browser comes with a number of improvements, one of which is a crucial security update.
Tor Browser 6.0.5 Addresses Mozilla Vulnerability
Users will be glad to see that the new version comes with a bug fix in Mozilla Firefox – recently discovered extension update vulnerability.
There was a security loophole that allowed attackers with valid addons.mozilla.org certificates to masquerade as legit Mozilla servers in an effort to spread malicious updates – something that could potentially cause arbitrary code execution and also cause problems in Firefox’s default methods of handling certificate pinning.
Certificate pinning is a crucial HTTPS feature that protects the user’s SSL certificates from attacks by accepting only a specific certificate key per domain or subdomain and rejecting the rest.
Independent security researcher Ryan Duff posted a report which pointed out the vulnerability in most of the Firefox stable versions save for one nightly build that was released on the 4th of September 2016.
His report also indicates that the security vulnerabilities on Firefox stem from the use of a static key instead of the more secure HPKP method.
Access to a legit Mozilla certificate is hard to gain for the ordinary hacker.
According to security expert @movrcx, who stumbled upon the vulnerability, an attacker would need a minimum of $100,000 to pull off a successful man-in-the-middle attack.
Resourceful parties such as nation states can still carry out MITM attacks and compromise the anonymity of the Tor network.
Apart from fixing the vulnerabilities discovered on Firefox, Tor Browser 6.0.5 also includes a stable version (0.2.8.7) and an update of the HTTPS-Everywhere (5.2.4).
The new version of the browser also fixes a number of other minor bugs such as site security clearing during New Identity, the storage of browser data in the home directory and the bug that caused the “Maximizing Tor Browser” notification to appear severally.
Alpha and Hardened Bundles to Follow Soon
Currently underway is the building of the alpha (6.5a3) and the hardened (6.5a3-hardened) bundles for alpha and hardened channel users.
Available for Windows, Mac, and Linux OS
The Tor Project has made significant steps to tackle its existing security loopholes and various administrative road bumps. It remains the most sought after means of obtaining anonymity.
The latest release is currently available for Mac OS X, Windows, and Linux platforms. To enhance user anonymity, it is well capable of running off a portable USB flash drive.
Latest posts by Richard (see all)
- Wide Range of Job Ads Available on the Dark Web - November 5, 2018
- Continuous Exploit of RDP Pushes FBI to Issue Warning to Potential Targets - October 29, 2018
- Ross Ulbricht’s Fifth Year in Jail - October 10, 2018