The TorMoil Bug – Tor Browser Critical Security Vulnerability

Recently, our CEO, Filippo Cavallarin, discovered a critical security vulnerability in Tor Browser affecting Mac and Linux users that can lead to the leakage of users’ real IP addresses. We named it TorMoil.
We Are Segment respects the principles of Responsible Disclosure, so further details are not being disclosed right now, as not all users have updated yet. We’ll disclose the exploit and all the details once a proper fix for the underlying issue is available to all users.

Due to a Firefox bug in handling file:// URLs, users on both systems can leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser.

If you are one of those people who rely on Tor Browser to safely browse the Internet, there is just one message: keep your Tor Browser updated!

For those of you who don’t know what Tor Browser is, it is a free application for browsing the Internet with a high degree of privacy. Using Tor Browser is advantageous to people around the world facing a variety of threats, from advertisers collecting and selling personal data to oppressive censorship and surveillance. More information about the Tor Project is available at: https://torproject.org.