Tor Browser Bundle For Firefox Security Bypass Vulnerability

Bugtraq ID:	53384
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	May 02 2012 12:00AM
Updated:	May 02 2012 12:00AM
Credit:	cypherpunks
Vulnerable:	Tor Tor Browser Bundle 2.2.35-9 Tor Tor Browser Bundle 2.2.35-10
Not Vulnerable:

Tor Browser Bundle For Firefox Security Bypass Vulnerability

Tor Browser Bundle for Firefox is prone to a security-bypass vulnerability.

An attacker can exploit this issue to disclose certain information which may aid in further attacks.

Note: This issue only affects the Tor Browser Bundle running with Firefox.

Tor Browser Bundle For Firefox Security Bypass Vulnerability

Solution:
Vendor updates are available. Please see the references for more information.

Tor Browser Bundle For Firefox Security Bypass Vulnerability

References:

• Firefox security bug (proxy-bypass) in current TBBs (Tor)
  
• TBB proxy bypass: Some DNS requests not going through Tor (Tor)
  
• Tor Browser Bundle Homepage (Tor)