CVE-2017-16541
medium
CVSS v3
6.5
CVSS v2
4.3
VIR risk
6.5
Description
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-16541
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-16541.html
Vendor advisory: cve@mitre.org — https://trac.torproject.org/projects/tor/ticket/24052
Vendor advisory: cve@mitre.org — https://blog.torproject.org/tor-browser-709-released
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | sid | fixed | 62.0-1 |
| debian | bookworm | fixed | 60.2.0esr-1 |
| debian | bullseye | fixed | 60.2.0esr-1 |
| debian | forky | fixed | 60.2.0esr-1 |
| debian | trixie | fixed | 60.2.0esr-1 |
| rhel | 6.0 | affected | |
| rhel | 7.0 | affected | |
| rhel | 7.5 | affected | |
| rhel | 7.6 | affected | |
| rhel | 7.7 | affected | |
| macos | - | not-affected | |
| linux-kernel | - | not-affected | |
| debian | 8.0 | affected | |
| debian | 9.0 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| torproject | tor | {"endExcluding":"7.0.9"} | 7.0.9 |
References
- http://www.securityfocus.com/bid/101665
- http://www.securitytracker.com/id/1041610
- https://access.redhat.com/errata/RHSA-2018:2692
- https://access.redhat.com/errata/RHSA-2018:2693
- https://access.redhat.com/errata/RHSA-2018:3403
- https://access.redhat.com/errata/RHSA-2018:3458
- https://blog.torproject.org/tor-browser-709-released
- https://bugzilla.mozilla.org/show_bug.cgi?id=1412081
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
- https://security.gentoo.org/glsa/201810-01
- https://security.gentoo.org/glsa/201811-13
- https://trac.torproject.org/projects/tor/ticket/24052
- https://www.bleepingcomputer.com/news/security/tormoil-vulnerability-leaks-real-ip-address-from-tor-browser-users/
- https://www.debian.org/security/2018/dsa-4327
- https://www.wearesegment.com/research/tormoil-torbrowser-unspecified-critical-security-vulnerability/
- https://www.suse.com/security/cve/CVE-2017-16541.html
- https://security-tracker.debian.org/tracker/CVE-2017-16541
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.