CVE-2017-16541 : Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discove

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

Published 2017-11-04 18:29:00

Updated 2022-04-18 17:30:07

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2017-16541

Probability of exploitation activity in the next 30 days: 0.68%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-16541

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2017-16541

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-16541

https://security.gentoo.org/glsa/201811-13

Mozilla Thunderbird: Multiple vulnerabilities (GLSA 201811-13) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2018/dsa-4327

Debian -- Security Information -- DSA-4327-1 thunderbird
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

[SECURITY] [DLA 1575-1] thunderbird security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1041610

Mozilla Firefox Multiple Bugs Let Remote Users Spoof the Address Bar, Bypass Security Restrictions, and Execute Arbitrary Code - SecurityTracker
Broken Link

CVEs referencing this url
https://security.gentoo.org/glsa/201810-01

Mozilla Firefox: Multiple vulnerabilities (GLSA 201810-01) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1412081

1412081 - (CVE-2017-16541) Proxy bypass caused by autofs on Mac, Linux
Exploit;Issue Tracking;Third Party Advisory
https://trac.torproject.org/projects/tor/ticket/24052

#24052 (Streamline handling of file:// resources on OS X and Linux) – Tor Bug Tracker & Wiki
Issue Tracking;Vendor Advisory
http://www.securityfocus.com/bid/101665

Tor Browser CVE-2017-16541 Information Disclosure Vulnerability
Broken Link
https://access.redhat.com/errata/RHSA-2018:3403

RHSA-2018:3403 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:3458

RHSA-2018:3458 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:2692

RHSA-2018:2692 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www.bleepingcomputer.com/news/security/tormoil-vulnerability-leaks-real-ip-address-from-tor-browser-users/

TorMoil Vulnerability Leaks Real IP Address from Tor Browser Users
Issue Tracking;Third Party Advisory
https://blog.torproject.org/tor-browser-709-released

Tor Browser 7.0.9 is released | Tor Blog
Issue Tracking;Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2693

RHSA-2018:2693 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www.wearesegment.com/research/tormoil-torbrowser-unspecified-critical-security-vulnerability/

TorMoil: TorBrowser unspecified critical security vulnerability - WeAreSegment
Issue Tracking;Third Party Advisory

Products affected by CVE-2017-16541

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Torproject » TOR
Versions before (<) 7.0.9
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A

Vulnerability Details : CVE-2017-16541

Exploit prediction scoring system (EPSS) score for CVE-2017-16541

CVSS scores for CVE-2017-16541

CWE ids for CVE-2017-16541

References for CVE-2017-16541

Products affected by CVE-2017-16541