Sunday, 02 October 2016 21:26

Tor Browser 6.0.5 Has Been Released

By: 

Tor Browser 6.0.5

Tor Browser 6.0.5 is now available for download. The latest release of the Tor dark web browser comes with a number of improvements, one of which is a crucial security update.

Tor Browser 6.0.5 Addresses Mozilla Vulnerability

tor-browser-fixes-certificate-pinning-issue-but-bug-remains-in-firefox

Users will be glad to see that the new version comes with a bug fix in Mozilla Firefox – recently discovered extension update vulnerability.

There was a security loophole that allowed attackers with valid addons.mozilla.org certificates to masquerade as legit Mozilla servers in an effort to spread malicious updates – something that could potentially cause arbitrary code execution and also cause problems in Firefox’s default methods of handling certificate pinning.

Certificate pinning is a crucial HTTPS feature that protects the user’s SSL certificates from attacks by accepting only a specific certificate key per domain or subdomain and rejecting the rest.

Independent security researcher Ryan Duff posted a report which pointed out the vulnerability in most of the Firefox stable versions save for one nightly build that was released on the 4th of September 2016.

His report also indicates that the security vulnerabilities on Firefox stem from the use of a static key instead of the more secure HPKP method.

Access to a legit Mozilla certificate is hard to gain for the ordinary hacker.

According to security expert @movrcx, who stumbled upon the vulnerability, an attacker would need a minimum of $100,000 to pull off a successful man-in-the-middle attack.

Resourceful parties such as nation states can still carry out MITM attacks and compromise the anonymity of the Tor network.

New Upgrades

tor-browser-6-0-5

Apart from fixing the vulnerabilities discovered on Firefox, Tor Browser 6.0.5 also includes a stable version (0.2.8.7) and an update of the HTTPS-Everywhere (5.2.4).

The new version of the browser also fixes a number of other minor bugs such as site security clearing during New Identity, the storage of browser data in the home directory and the bug that caused the “Maximizing Tor Browser” notification to appear severally.

Alpha and Hardened Bundles to Follow Soon

Currently underway is the building of the alpha (6.5a3) and the hardened (6.5a3-hardened) bundles for alpha and hardened channel users.

Available for Windows, Mac, and Linux OS

The Tor Project has made significant steps to tackle its existing security loopholes and various administrative road bumps. It remains the most sought after means of obtaining anonymity.

The latest release is currently available for Mac OS X, Windows, and Linux platforms. To enhance user anonymity, it is well capable of running off a portable USB flash drive.

Source : https://darkwebnews.com

Leave a comment

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Newsletter Subscription

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now