Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature.
References
Link | Resource |
---|---|
https://github.com/micahflee/torbrowser-launcher/issues/229 | Vendor Advisory |
http://www.securityfocus.com/bid/96140 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-02-07 09:59
Updated : 2017-02-28 11:22
NVD link : CVE-2016-3180
Mitre link : CVE-2016-3180
JSON object : View
CWE
CWE-254
7PK - Security Features
Products Affected
tor_browser_launcher_project
- tor_browser_launcher