corrective releases of the Tor toolkit (0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha) used to run the Tor anonymous network. The new versions fix two vulnerabilities:
- - can be used by any attacker to initiate a relay denial of service. The attack can also be carried out by Tor directory servers to attack clients and hidden services. An attacker can create conditions that lead to too much load on the CPU, disrupting normal operation for a few seconds or minutes (repeating the attack can stretch the DoS for a long time). The problem has been manifesting since release 0.2.1.5-alpha.
- - a remotely initiated memory leak that occurs when double matching additional cells (circuit padding) for the same circuit.
It can also be noted that in the vulnerability in the add-on remains unpatched , which allows you to organize the launch of JavaScript code in the "Safest" protection mode. For those for whom disabling JavaScript execution is important, it is recommended to temporarily disable the use of JavaScript in the browser completely in about:config by changing the javascript.enabled parameter in about:config.
An attempt was made to fix the problem in , but as it turned out, the proposed fix does not completely solve the problem. Judging by the changes in the next released release , the problem is also not solved. Tor Browser has NoScript auto-updating enabled, so once a fix is ββavailable, it will be delivered automatically.
Source: opennet.ru