1
1
1
4
1
4
Sign in to follow this  
H4x0r

Because of a bug, Tor Browser runs JavaScript where it should block It

Recommended Posts

The developers have warned that due to an error, Tor Browser can execute JavaScript code on sites where the user has deliberately blocked the launch of JavaScript. Although work on creating a fix is already underway, there is no patch yet, and no release date is given.

The ability to block JavaScript execution is one of the important security aspects of Tor Browser. It is precisely because the browser is focused on preserving user privacy (in particular, it masks real IP addresses and does everything to preserve a person's anonymity) that it is often used to circumvent blocking and censorship by journalists, political activists, and dissidents in countries with repressive regimes.

It is worth saying that previously there were exploits for Tor Browser that used JavaScript to reveal the user's real IP address. Some of them were used to expose criminals (1, 2), while others were used under unknown circumstances (1, 2).

Now the development team reported that they found an error in the security settings of the Tor Browser Bundle. For example, even if the browser is configured to use the highest security level (Safest), it still allows JavaScript code to run in certain situations, even when it should be blocking It.

tor-safest-level.png#26759185

The developers write that they are already working on fixing this problem, but while there is no patch, users can completely refuse to use JavaScript and disable it in the settings: about:config - > javascript.enabled -> false.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this