Tor Browser Releases Patch for Critical Security Vulnerability Inherited from Firefox

The Tor ProjectThe Tor Project is a nonprofit organization dedicated to protecting online privacy and ensuring uncensored access to the internet. Emerging from U.S. Naval Research Lab experiments with onion routing in the 1990s, Tor evolved into a decentralized, volunteer-powered network that hides user identities by routing traffic through multiple encrypted relays. Since the launch of the Tor Browser in 2008, it has become a crucial tool for activists, journalists, and everyday users worldwide—supporting free expression during events like the Arab Spring and proving resilient in the face of mass surveillance disclosures. Today, Tor is sustained by a global community committed to human rights, transparency, and digital freedom. More has released an update for the Tor Browser that addresses a critical vulnerability actively exploited in real-world attacks. This security issue was inherited from Firefox, and all users are strongly advised to ensure their browser is updated to version 8.5.2. Your protection against the vulnerability identified as CVE-2019-11707 depends on this update.

Key Updates in Tor Browser 8.5.2

• Critical Security Fix: The update patches the CVE-2019-11707 vulnerability, which was inherited from Firefox and has been used in targeted attacks.
• NoScript Update: The browser now includes NoScript version 10.6.3, which resolves several known issues and further enhances security.

Additional Security Notes

The Tor ProjectThe Tor Project is a nonprofit organization dedicated to protecting online privacy and ensuring uncensored access to the internet. Emerging from U.S. Naval Research Lab experiments with onion routing in the 1990s, Tor evolved into a decentralized, volunteer-powered network that hides user identities by routing traffic through multiple encrypted relays. Since the launch of the Tor Browser in 2008, it has become a crucial tool for activists, journalists, and everyday users worldwide—supporting free expression during events like the Arab Spring and proving resilient in the face of mass surveillance disclosures. Today, Tor is sustained by a global community committed to human rights, transparency, and digital freedom. More team notes that if you use the “Safer” or “Safest” security levels in the browser, the CVE-2019-11707 vulnerability is no longer relevant. However, it is still recommended to update to the latest version for maximum protection.

Android Users

Unfortunately, the corresponding patch is not yet available for Android users, but the Tor ProjectThe Tor Project is a nonprofit organization dedicated to protecting online privacy and ensuring uncensored access to the internet. Emerging from U.S. Naval Research Lab experiments with onion routing in the 1990s, Tor evolved into a decentralized, volunteer-powered network that hides user identities by routing traffic through multiple encrypted relays. Since the launch of the Tor Browser in 2008, it has become a crucial tool for activists, journalists, and everyday users worldwide—supporting free expression during events like the Arab Spring and proving resilient in the face of mass surveillance disclosures. Today, Tor is sustained by a global community committed to human rights, transparency, and digital freedom. More promises to address this soon.

Background

Earlier this week, Mozilla released a minor update for the Firefox browser. It was later revealed that this patch was intended to fix the same critical vulnerability, which has been actively exploited by attackers in targeted real-world attacks.