Details about zero-day vulnerability in :tor: Tor Browser 7.x published on Twitter by security company:

– full bypass of the "Safest" security level of the NoScript extension
– allows malicious code to run inside the Tor Browser
– Tor Browser 8.x is not affected
– update to NoScript "Classic" version / Tor Browser 8.x

@infosechandbook Maybe TOR replacement should just mirror a whole bunch and whittle it down to a clean subset of html, or to data and not even use a browser.

Never believed that eyeball thing, it depends on the number of eyeballs, how good they look, how much they have to surveil.

Sign in to participate in the conversation

This instance was shut down on March 31st, 2020.