“Automatic updates of Noscript are enabled by default, so you should get this fix automatically.It is possible that NoScript means allowing JavaScript to run unrestricted in general, not just in the Tor browser but also all browsers, can be very dangerous since after all, it can lead to tracking, XSS, Cross-Site Request Forgery after all. The Tor team confirmed that Noscript 11.0.17 should solve this issue and that the issue is automatically updated by default. If the “Value” column says “true”, then either right-click and select “Toggle” such that it is now disabled or double-click on the row and it will be disabled.”.If the “Value” column says “false”, then javascript is already disabled.If you require that javascript is blocked, then you may completely disable it by: “We are aware of a bug that allows javascript execution on the Safest security level (in some situations).” reads the post published by the Tor team. The bug causes the execution of JavaScript code even when the browser was set up to use the highest security level, the level “Safest”.
The maintainers of the Tor Project announced that they have discovered a bug in TBB’s security options. This week, the Tor Project released the Tor Browser version 9.0.6 that features important security updates to Firefox.
Such kind of scripts was also employed in investigations conducted by law enforcement, in 2013, the FBI admitted attack against the Freedom Hosting, probably the most popular Tor hidden service operator company at the time. Malicious JavaScrip codes could reveal the real IP addresses of Tor users if executed. The feature that prevents the execution of JavaScript code on specific sites is essential for the privacy-friendly Tor Browser that uses it to prevent online surveillance. The development team at the Tor Project announced that it is already working on a fix, but at the time it is not clear when it will be rolled out.
0 kommentar(er)
