Follow Slashdot stories on Twitter


Forgot your password?

Submission + - TorMoil Vulnerability Leaks Real IP Address from Tor Browser Users (

An anonymous reader writes: The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses. Tor Project developers worked with the Firefox team (Tor Browser is based on the Firefox browser) to release a fix. Tor Browser 7.0.9 fixes the vulnerability, nicknamed TorMoil, for Mac and Linux users. Tor Browser on Windows is not affected.

The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking. According to Cavallarin, the issue is actually a Firefox bug in the way the browser handles file:// URLs. While the issue is harmless in Firefox, it's catastrophic in the Tor Browser.

"Once an affected [Tor Browser] user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser," Cavallarin said. By directly connecting to the page, the Tor Browser will not go through the network of Tor relays, exposing the user's real-world IP address.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

TorMoil Vulnerability Leaks Real IP Address from Tor Browser Users

Comments Filter:

The relative importance of files depends on their cost in terms of the human effort needed to regenerate them. -- T.A. Dolotta