Shulou(Shulou.com)05/31 Report--

Tor project released a new version of Tor browser v.8.5.2, which addresses a key vulnerability found in Mozilla Firefox that has been actively abused in the wild.

According to the release notes for Tor browser 8.5.2, the latest version of anonymous browsers-very popular among those concerned with privacy and censorship-includes a fix for CVE-2019-11707, a key type of confusing vulnerability in Firefox's Array. POP component.

Mozilla said that if exploited, this could cause the browser to crash.

In an interview with ZDNet, Gro said that in addition to crashes, the vulnerability could also be used for remote code execution with sandboxie escape warnings and cross-site scripting (XSS) attacks.

Users with security and the most secure security level in ToR are not affected.

In addition to addressing this serious security issue, the Tor project also updated NoScript to 10.6.3, fixing a number of problems, including browser freezes and accidental blocking of MP4 videos.

CNET: when smart TV is the only choice, your privacy choice will fail.

The Android token that delays access to Tor means that the Android 8.5.2 version of the Tor browser has not yet been released and is not expected to log in until the weekend. Although the mobile version of Tor will get the same patch, Android users are advised to move to a secure or most secure level to reduce the risk of active attacks.

You can do this by navigating to the menu on the right side of the URL bar and selecting Security Settings for Android users.

Techrepublic: AI enhanced malware poses a threat to your organization.

The complete change log can be found here.

In related news, Oracle released a cross-border patch on Wednesday to address a zero-day vulnerability in WebLogicServer software.

Chinese cyber security researchers reported the vulnerability, CVE-2019-2729, less than a week ago. If this vulnerability is exploited, a network attacker can take advantage of a zero-day security vulnerability to hijack a user's system and run arbitrary code.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.