On Wednesday 12 Aug 2015 6:14:37 PM Vikas Tara wrote: > On 12/08/15 17:39, ThinRhino wrote: > > On 12-08 14:27, Vikas Tara wrote: > >> On 12/08/15 13:57, ThinRhino wrote: > >>>>> Yes it can make you anonymous, but there are also known flaws and > >>>>> weaknesses that can be exploited. > >>> > >>> Can you point to any links to news reports on browser exploits. > >> > >> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1690 > >> was apparently used for exactly this purpose. > >> https://community.rapid7.com/community/metasploit/blog/2013/08/07/heres-t > >> hat-fbi-firefox-exploit-for-you-cve-2013-1690> > > Basically it was a Firefox bug, which was exploited! Also the bug was for > > FF 17.x and we are on FF 40.x today! > > Sorry - I should have been a bit more clear. The issue that I would like > to highlight is that > the browser bundle is dependant on components and any one of them could > be open to > exploit. > > Firefox ESR is one possibility - and as shown - has potentially already > been used for defeating tor. I agree this > was some time ago, but it was the first example that I found. > > Being on 17.x or 40.x doesn't mean that there couldn't be an exploit, > know to someone, that could compromise anonymity. > > I guess people should know what the risks are and make their choices > with that knowledge. >
I tend to agree with Vikas on the argument that there could be possible exploit... Nothing in this world guarantees absolute security, not even silence (psi-lens) -- Consultant Spirituel GuRuV!SiON _______________________________________________ plug-mail mailing list plug-mail@plug.org.in http://list.plug.org.in/listinfo/plug-mail
