On 12/08/15 17:39, ThinRhino wrote:
On 12-08 14:27, Vikas Tara wrote:
On 12/08/15 13:57, ThinRhino wrote:
Yes it can make you anonymous, but there are also known flaws and weaknesses
that can be exploited.
Can you point to any links to news reports on browser exploits.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1690
was apparently used for exactly this purpose.
https://community.rapid7.com/community/metasploit/blog/2013/08/07/heres-that-fbi-firefox-exploit-for-you-cve-2013-1690
Basically it was a Firefox bug, which was exploited! Also the bug was for FF
17.x and we are on FF 40.x today!
Sorry - I should have been a bit more clear. The issue that I would like
to highlight is that
the browser bundle is dependant on components and any one of them could
be open to
exploit.
Firefox ESR is one possibility - and as shown - has potentially already
been used for defeating tor. I agree this
was some time ago, but it was the first example that I found.
Being on 17.x or 40.x doesn't mean that there couldn't be an exploit,
know to someone, that could compromise anonymity.
I guess people should know what the risks are and make their choices
with that knowledge.
_______________________________________________
plug-mail mailing list
plug-mail@plug.org.in
http://list.plug.org.in/listinfo/plug-mail
