TOR bug

Recently, there have been found a bug in TOR whether using http or HTTPs that been triggered where it’s known as “TORMOIL” a members of TOR project have provided a temporary solution until the final fix on this is been release to the public.

How the bug works?

When the victims/user use the TOR browser, the attacker can bypass the TOR browser and can directly access the remote host of the victims/user.

However, this is only effect the Linux and Mac OS user only while Windows OS is not yet been reported effect by this bug.

TOR official have post the known issues on their website like below:

 The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore.

In particular entering file:// URLs in the URL bar and clicking on resulting links is broken.

Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.


As been mentioned on their website, TOR browser 7.0.9 have been released but however all the windows user can still use the TOR browser 7.0.8 where it not effect on the Windows Operating System.

They still working on the TOR alpha series fix which they will scheduled release on this Monday. The Mac OS and Linux user are advisable to update their version of TOR browser to a stable version which in this case, TOR browser 7.0.9

Source: Tor Browser 7.0.9 is released and Twitter: The TOR ProjectT

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *