Security Blog

Turmoil for TORMoil


Users who have been relying on the popular The Onion Router anonymity browser (also known as TOR Browser) for their privacy while surfing the web should pay attention. If you are not familiar with TOR Browser or the TOR network, I suggest taking a look at the home page of the TOR project:

Long story short, the TOR anonymity browser gives you access to a network, named the TOR network, which makes your IP address difficult to track because your traffic bounces through different tunnels between the servers of the network (hence the “ONION” in the name).

By using TOR you are basically able to guarantee yourself an adequate level of privacy.

Good, right?

Now comes the bad news.

Recently, the Mac and Linux versions of the TOR Anonymity Browser have received a temporary fix for a critical vulnerability.

The flaw goes by the name of TORMoil and was discovered by We are Segment, as published in their blog post.

The vulnerability leaks users’ IP address(es) when they click on a link that begins with file:// instead of https:// or http://. Specifically, when the MacOS and Linux TOR Browser starts to open the file, the underlying operating system might connect directly to the remote host, completely bypassing the TOR Browser.
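A defender-side check for the link pattern described above, added here as an illustration and not taken from the TOR project or We are Segment: it scans HTML for links and resources that use the file: scheme so they can be reviewed or stripped. The attribute list, the function names and the sample markup are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can make a browser load or navigate to a URL (assumed list).
URL_ATTRS = {"href", "src", "action", "data", "poster", "formaction"}
META_REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\">]+)", re.I)

def is_file_url(value):
    """True if the value uses the file: scheme the way a browser would read it."""
    # Browsers ignore surrounding whitespace, embedded tab/CR/LF and scheme case.
    cleaned = "".join(ch for ch in value.strip() if ch not in "\t\r\n")
    try:
        return urlsplit(cleaned).scheme.lower() == "file"
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return False

class FileLinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        candidates = [(a, v) for a, v in attrs.items() if a in URL_ATTRS and v]
        # <meta http-equiv="refresh"> redirects without any click.
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            match = META_REFRESH_URL.search(attrs.get("content") or "")
            if match:
                candidates.append(("content", match.group(1)))
        for attr, url in candidates:
            if is_file_url(url):
                self.findings.append({"line": self.getpos()[0], "tag": tag,
                                      "attr": attr, "url": url.strip()})

def audit_html(html):
    """Return one finding per file: URL found in the markup."""
    parser = FileLinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<html><body>
<a href="https://example.org/docs">docs</a>
<a href="file:///tmp/report.txt">report</a>
<img src=" FILE://host.example/share/pixel.png">
<meta http-equiv="refresh" content="5; URL=file:///tmp/next.html">
<a href="/files/file.txt">relative</a>
</body></html>"""
```

Calling `audit_html(SAMPLE_HTML)` returns three findings (the second anchor, the image and the meta refresh); the https link and the relative path are not flagged.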

TOR developers have worked closely with Mozilla developers (since TOR browser is based on Mozilla Firefox) to issue a workaround, since the IP leakage derives from a previous Firefox bug.

The bugfix is present in and in version 7.5a7 (alpha channel version) for Linux and MacOS users, while Windows users are not affected (for once 🙂).

Once again, this blog post emphasizes the need to keep your systems and applications up to date.

If you have been using the TOR anonymity browser on MacOS and/or Linux in the past, you should be aware of, and accept, that your IP address might have leaked and that unwanted parties might be following your tracks.

  • 24 Solutions AB
  • Smedjegatan 2C
  • SE-13154 Nacka, Sweden
  • +46 (0)8 535 24 100