6.5

CVE-2017-16541

Exploit
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TorprojectTor Version < 7.0.9
   ApplemacOS Version-
   LinuxLinux Kernel Version-
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.66% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/101665
Broken Link
http://www.securitytracker.com/id/1041610
Broken Link
https://access.redhat.com/errata/RHSA-2018:2692
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2693
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3403
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3458
Third Party Advisory
https://blog.torproject.org/tor-browser-709-released
Vendor Advisory
Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1412081
Third Party Advisory
Exploit
Issue Tracking
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201810-01
Third Party Advisory
https://security.gentoo.org/glsa/201811-13
Third Party Advisory
https://trac.torproject.org/projects/tor/ticket/24052
Vendor Advisory
Issue Tracking
https://www.bleepingcomputer.com/news/security/tormoil-vulnerability-leaks-real-ip-address-from-tor-browser-users/
Third Party Advisory
Issue Tracking
https://www.debian.org/security/2018/dsa-4327
Third Party Advisory
https://www.wearesegment.com/research/tormoil-torbrowser-unspecified-critical-security-vulnerability/
Third Party Advisory
Issue Tracking