Short Bytes: The Tor Project has released Tor Browser 6.0.5 for all major platforms. This update of the popular anonymity software comes with an important bug fix in Mozilla Firefox that allowed an attacker to exploit an add-on vulnerability and inject malicious code. Other changes come in the form of updated HTTPS-Everywhere and a new Tor stable version 0.2.8.7.
Recently, The Tor Project released Tor Browser 6.0.5 with numerous improvements. The new release is available for Windows, Linux, and Mac OS X. This self-contained software can run off a USB flash drive to ensure the anonymity of the user.
A major change coming to this release is the important security updates that fix the newly revealed extension update vulnerability. This loophole allows a hacker to obtain a valid certificate for addons.mozilla.org to imitate Mozilla’s servers and serve a malicious update.
Even though this arbitrary code execution is a hard task, it can be exploited by powerful players like nation states.
At the moment, Firefox stable version is unpatched. Mozilla is scheduled to release Firefox 49 on September 20 along with this patch. Till then, Firefox users should disable the automatic add-on updates–a feature which is turned on by default. A similar step should also be performed by Tor users who are avoiding the update.
Tor Browser 6.0.5 also comes with updated HTTPS-Everywhere and a new Tor stable version 0.2.8.7.
The Tor Project is working to prepare the alpha and hardened builds that will be released to alpha/hardened channel users next week.
Complete changelog since Tor Browser 6.0.4:
- Firefox updated to Firefox 45.4.0esr
- Tor updated to 0.2.8.7
- Torbutton updated to 188.8.131.52
- HTTPS-Everywhere updated to 5.2.4
- Added support for unpacked HTTPS Everywhere
- Rotate ports for default obfs4 bridges
- Go upgraded to 1.4.3
For more information, you can visit Tor Project’s blog. Similarly, find the download links on Tor distribution directory.
Did you find this article helpful? Don’t forget to drop your feedback in the comments section below.