Man-in-the-Middle Vulnerability in Tor Browser Launcher by The Tor Project
CVE-2016-3180

8.1HIGH

Key Information:

Vendor

Tor Browser Launcher Project

Status
Tor Browser Launcher
Vendor
CVE Published:
7 February 2017

What is CVE-2016-3180?

The Tor Browser Launcher prior to version 0.2.4 is susceptible to a security flaw that allows man-in-the-middle attackers to circumvent the verification process for PGP signatures. This vulnerability can enable an adversary to deliver a Trojan horse tar file along with a legitimate signature file, ultimately leading to the execution of arbitrary code. Users of affected versions are strongly advised to update to a secure version to safeguard against potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/micahflee/torbrowser-launcher/issues/229
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96140
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.