CVE-2018-16983
https://notcve.org/view.php?id=CVE-2018-16983
NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. NoScript Classic en versiones anteriores a la 5.1.8.7, tal y como se emplea en Tor Browser 7.x y otros productos, permite que los atacantes omitan el bloqueo de scripts mediante el valor de Content-Type text/html;/json. • https://noscript.net/getit#classic https://twitter.com/Zerodium/status/1039127214602641409 https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter •
CVE-2018-0490
https://notcve.org/view.php?id=CVE-2018-0490
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting. Se ha descubierto un problema en Tor en versiones anteriores a la 0.2.9.15, versiones 0.3.1.x anteriores a la 0.3.1.10 y versiones 0.3.2.x anteriores a la 0.3.2.10. La implementación del subprotocolo directory-authority protocol-list permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de directory-authority) mediante un descriptor de relevo con formato erróneo que se gestiona de manera incorrecta durante la votación. • https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915 https://trac.torproject.org/projects/tor/ticket/25074 https://www.debian.org/security/2018/dsa-4183 • CWE-476: NULL Pointer Dereference •
CVE-2018-0491 – Tor Browser < 0.3.2.10 - Use After Free (PoC)
https://notcve.org/view.php?id=CVE-2018-0491
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list. Se ha descubierto un problema de uso de memoria previamente liberada en Tor, en versiones 0.3.2.x anteriores a la 0.3.2.10. Permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del relevo) debido a que la implementación KIST permite que un canal se añada más de una vez en la lista de pendientes. Tor Browser versions 0.3.2.x before 0.3.2.10 suffer from a use-after-free vulnerability that can result in a denial of service condition. • https://www.exploit-db.com/exploits/44994 https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915 https://trac.torproject.org/projects/tor/ticket/24700 https://trac.torproject.org/projects/tor/ticket/25117 • CWE-416: Use After Free •
CVE-2016-1254
https://notcve.org/view.php?id=CVE-2016-1254
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. Tor, en versiones anteriores a la 0.2.8.12 podría permitir que los atacantes remotos provoquen una denegación de servicio (cierre inesperado del cliente) mediante un descriptor de servicio oculto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00154.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00155.html https://blog.torproject.org/blog/tor-02812-released https://gitweb.torproject.org/tor.git/commit/?id=d978216dea6b21ac38230a59d172139185a68dbd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXOJSMCTIOHLBRYFBVEL3CDLGPZXX6WE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTU2R253477RZLYAJAR5DAXAON7KIVLA https://trac. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-16541 – Mozilla: Proxy bypass using automount and autofs
https://notcve.org/view.php?id=CVE-2017-16541
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. El navegador Tor en versiones anteriores a la 7.0.9 en macOS y Linux permite que atacantes remotos sin omitan las características de anonimato previstas y descubran una dirección IP de cliente mediante vectores que impliquen un sitio web manipulado que aproveche la mala gestión de file:// en Firefox. Esto también se conoce como TorMoil. NOTA: Tails no se ha visto afectado. • https://github.com/Ethan-Chen-uwo/A-breif-introduction-of-CVE-2017-16541 http://www.securityfocus.com/bid/101665 http://www.securitytracker.com/id/1041610 https://access.redhat.com/errata/RHSA-2018:2692 https://access.redhat.com/errata/RHSA-2018:2693 https://access.redhat.com/errata/RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3458 https://blog.torproject.org/tor-browser-709-released https://bugzilla.mozilla.org/show_bug.cgi?id=1412081 https://lists.debian.or • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •