CVE-2017-16541

Published: 04 November 2017

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (62)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver)
Released (62.0+build2-0ubuntu0.18.04.3)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (62.0+build2-0ubuntu0.16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (60.2.1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:60.2.1+build1-0ubuntu0.18.04.2)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1:60.2.1+build1-0ubuntu0.16.04.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist