Tor Project advises customers to update their Tor Browser Bundle

Aug 6, 2013 11:09 GMT  ·  By

Recently, we’ve learned that a Firefox 17 JavaScript vulnerability has been utilized against Tor Network users, possibly by the FBI, or the NSA.

The TOR Project advises customers of the Tor Browser Bundle to update their installations to versions 2.3.25-10, 2.4.15-alpha-1, 2.4.15-beta-1 or 3.0alpha2, in which the vulnerability has been fixed.

In the meantime, IT security solutions provider Bitdefender reports that it has updated its products to detect the Tor Browser Bundle JavaScript exploit.

“Exploit.JS.Agent.BB uses a heap-spraying technique to break the javascript engine and eventually drop and execute a payload file. As the exploit is publicly available, we judge the probability of it being used in other attacks by other actors as high,” the company warns.

So far, Bitdefender has detected the exploit on a small number of computers in France and the Dominican Republic.

Download Tor Browser Bundle