Blog Archives
TOR: Security Bug in Current Version of TOR
A security bug was recently found in TOR! When you connect to a websocket service, your firefox will query your local dns server rather than communicating to TOR as it is supposed to do! Here is a copy from the TOR website on how to fix it!
To fix this dns leak/security hole, follow these steps:
- Type “about:config” (without the quotes) into the Firefox URL bar. Press Enter.
- Type “websocket” (again, without the quotes) into the search bar that appears below “about:config”.
- Double-click on “network.websocket.enabled”. That line should now show “false” in the ‘Value’ column.
See Tor bug 5741 for more details. We are currently working on new bundles with a better fix.
Firefox security bug (proxy-bypass) in current TBBs >> Torproject.org