Tor Browser Releases Patch for Critical Security Vulnerability Inherited from Firefox

The Tor Project has released an update for the Tor Browser that addresses a critical vulnerability actively exploited in real-world attacks. This security issue was inherited from Firefox, and all users are strongly advised to ensure their browser is updated to version 8.5.2. Your protection against the vulnerability identified as CVE-2019-11707 depends on this update.

Key Updates in Tor Browser 8.5.2

• Critical Security Fix: The update patches the CVE-2019-11707 vulnerability, which was inherited from Firefox and has been used in targeted attacks.
• NoScript Update: The browser now includes NoScript version 10.6.3, which resolves several known issues and further enhances security.

Additional Security Notes

The Tor Project team notes that if you use the “Safer” or “Safest” security levels in the browser, the CVE-2019-11707 vulnerability is no longer relevant. However, it is still recommended to update to the latest version for maximum protection.

Android Users

Unfortunately, the corresponding patch is not yet available for Android users, but the Tor Project promises to address this soon.

Background

Earlier this week, Mozilla released a minor update for the Firefox browser. It was later revealed that this patch was intended to fix the same critical vulnerability, which has been actively exploited by attackers in targeted real-world attacks.