TOR: Security Bug in Current Version of TOR

A security bug was recently found in TOR! When you connect to a websocket service, your firefox will query your local dns server rather than communicating to TOR as it is supposed to do! Here is a copy from the TOR website on how to fix it!

To fix this dns leak/security hole, follow these steps:

  1. Type “about:config” (without the quotes) into the Firefox URL bar. Press Enter.
  2. Type “websocket” (again, without the quotes) into the search bar that appears below “about:config”.
  3. Double-click on “network.websocket.enabled”. That line should now show “false” in the ‘Value’ column.

See Tor bug 5741 for more details. We are currently working on new bundles with a better fix.

Firefox security bug (proxy-bypass) in current TBBs >> Torproject.org

About Michael David