The Tor Project, the organization behind the anonymity-focused Tor browser, has announced yet another release. The Tor browser 8.0.8 is now available for use.
Since their last release, the team behind Tor never stopped improving their product, making it even more bugless and safe to use.
Prior installation of Tor is not required, regardless of the software in the device you are using.
With the newest release of Tor comes another wave of important security updates. This time around, the improved Tor browser features changes mainly based on Firefox’s recent updates.
The Changelog of Tor Browser 8.0.8
Since announcing the last update of the Tor Browser 8.0.7 earlier in March, the Tor Project once again managed to find flaws and improve the quality of their browser.
In the newest release, the main change is the Firefox update to 60.6.1esr.
Besides recognizing these Firefox security updates as essential, during the Pwn2Own contest, the organization also found bugs worth focusing on.
In Firefox 60.6.1, two security vulnerabilities were fixed.
The impact of the errors was found to be critical, so this version was offered to the ESR channel users.
The first vulnerability, referenced as Bug 1537924, included a potential lead to buffer overflow and missing bounds check due to the inaccurate alias info in IonMonkey JIT collector for Array.prototype.slice procedure.
This bug was reported by Amat Cama and Richard Zhu via Trend Micro’s Zero Day Initiative.
The second vulnerability, also known as Bug 1538006, included incorrect management of __proto__ mutations.
This defect can cause a possible confusion in the IonMonkey JIT code. Further, the disorientation can result in arbitrary memory read and write.
Niklas Baumstark was the reporter of this bug via Trend Micro’s Zero Day Initiative.
More Updates to the Tor Browser
In addition to Firefox’s update to a more advanced version, the full changelog since Tor Browser 8.0.7 includes more updates.
Under the platforms renewed, NoScript can be found too. With the newest release 8.0.8, NoScript was updated to 10.2.4.
Another bug, referred to as Bug 29733, was also taken care of. The ticket for this specific error was opened three weeks ago and closed March 21.
Due to working around Mozilla’s bug 1532530, the 29733 vulnerability mentions disabling the NoScript XSS protection.
The priority of this ticket was labeled “very high,” and the severity was recognized as normal.