PT-2022-12905 · Tor · Tor Browser
Published
2022-02-26
·
Updated
2022-03-10
·
CVE-2021-46702
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tor Browser version 9.0.7
Description
The issue allows local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product, because the product doesn't properly free memory.
Recommendations
For Tor Browser version 9.0.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tor Browser