Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-16541

Опубликовано: 04 нояб. 2017
Источник: debian
EPSS Низкий

Описание

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed62.0-1package
firefox-esrfixed60.2.0esr-1package
firefox-esrfixed60.2.0esr-1~deb9u2stretchpackage
thunderbirdfixed1:60.2.1-1package

Примечания

  • https://trac.torproject.org/projects/tor/ticket/24052

  • https://blog.torproject.org/tor-browser-709-released

  • https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2017-16541

  • https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2017-16541

  • https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2017-16541

EPSS

Процентиль: 80%
0.01522
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2017-16541

CVSS3: 6.5
ubuntu
почти 8 лет назад

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

redhat логотип

CVE-2017-16541

CVSS3: 6.5
redhat
почти 8 лет назад

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

nvd логотип

CVE-2017-16541

CVSS3: 6.5
nvd
почти 8 лет назад

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

github логотип

GHSA-9348-g23j-56pf

CVSS3: 6.5
github
около 3 лет назад

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

fstec логотип

BDU:2023-01948

CVSS3: 6.5
fstec
почти 8 лет назад

Уязвимость automount-демона браузеров Tor, Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничения безопасности

EPSS

Процентиль: 80%
0.01522
Низкий