
Users of the Tor web browser are encouraged to update it as soon as possible.

Users of the Tor web browser are advised to update it as soon as possible to the latest version, 6.0.5. The new version includes a fix for a serious Firefox vulnerability with an internal ESR-45 identifier, which allows attackers who have obtained a valid or forged TLS certificate for the addons.mozilla.org website to install malware by delivering a malicious update for the NoScript extension.

This is the recently announced extension update vulnerability. All users should upgrade as soon as possible.

The vulnerability itself (Tor Browser certificate pin bypass for addons.mozilla.org) allows well-prepared attackers to carry out a covert RCE attack on users of the Tor web browser on various platforms, including Windows, Linux, and OS X.
He added that he would like to give you a copy of the threat code. This could lead to arbitrary code execution. Moreover, other built-in certificate pinnings are affected as well. It’s not a problem, but it’s not a matter of adversaries (e.g. nation states).

Exploitation also relies on other weaknesses, such as the ability to have extensions digitally signed through a fully automated process. The attack process may consist of the following steps.


We recommend that users upgrade their copy of the web browser to version 6.0.5. You can download it here or on the web page with the distribution directory.

The vulnerability is described in more detail in the following sources:

» Hackernoon.com
» Seclists.org

be secure.

Source: https://habr.com/ru/post/310244/

