To exploit this vulnerability to deanonymize a Tor Browser user an attacker needs to host the malicious page on a server he/she owns, trick the victim into load the malicius page and watch the output of tcpdump (running on the webserver).ĭoing so the browser of the victim will show a loading indicator until a successful NFS is preformed of until the NFS timeout is reached.Īs a result the victim may notice that something unusual is happening.
host an html page with the following content:.To demostrate this issue follow the steps below: This vulnerability only affects Mac OS X users with default configuration and Linux user with automount package installed and configured properly. NFS mount points are handled by the kernel so there is no way for a browser to tunnel their connections thru a proxy.Īn interesting part is that this vulnerability can be exploited even if javascript is disabled. The vulnerability also affects Firefox (ver. Tor Browser version 7.0.8, and probably prior, for Mac OS X and Linux, is affected by an information disclosure vulnerability that leads to full de-anonymization of website visitors using just a single html tag.
0 kommentar(er)
