PT-2017-8356 · Tor · Tor Browser Launcher

Jann Horn · Published 2017-02-07 · Updated 2017-02-28 · CVE-2016-3180

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tor Browser Launcher versions prior to 0.2.4

Description

The issue allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code by supplying a Trojan horse tar file together with a signature file that contains the valid tarball and its signature.

Recommendations

For versions prior to 0.2.4, update to version 0.2.4 or later to resolve the issue. As a temporary workaround, consider verifying the integrity of downloaded files through alternative means until the update is applied.

Fix

Weakness Enumeration

Related Identifiers

CVE-2016-3180

Affected Products

Tor Browser Launcher