- Attacker gains custody of an addons.mozilla.org TLS certificate (wildcard preferred)
- Attacker begins deployment of malicious exit nodes
- Attacker intercepts the NoScript extension update traffic for addons.mozilla.org
- Attacker returns a malicious update metadata file for NoScript to the requesting Tor Browser
- The malicious extension payload is downloaded and then silently installed without user interaction
- At this point remote code execution is gained
- The attacker may use an additional stage to implant further software on the machine or to cover any signs of exploitation
- https://lists.immunityinc.com/pipermail/dailydave/2016-September/001284.html
- https://blog.torproject.org/detecting-certificate-authority-compromises-and-web-browser-collusion
- https://medium.com/@movrcx/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.fjup01gkm
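
A defender-side illustration, added here and not part of the original paste: a key-pinning check is one control that breaks the first step of the chain above, because a certificate for addons.mozilla.org that chains to some other trusted CA is still rejected. The pin table, function names and SPKI byte strings are constructed assumptions, not any browser's real configuration.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """HPKP-style pin: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
LEGIT_ROOT = b"constructed-spki: CA the site operator actually uses"
LEGIT_LEAF = b"constructed-spki: operator's own leaf key"
OTHER_ROOT = b"constructed-spki: a different CA the browser also trusts"
ROGUE_LEAF = b"constructed-spki: leaf key held by someone else"

# Hypothetical pin table: host -> (accepted pins, include_subdomains).
PINSET = {
    "addons.mozilla.org": ({spki_pin(LEGIT_ROOT)}, True),
}

def pins_for(host: str):
    """Find the pin entry for host, walking up parent domains if allowed."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        entry = PINSET.get(".".join(labels[i:]))
        # i == 0 is an exact match; parents apply only with include_subdomains.
        if entry and (i == 0 or entry[1]):
            return entry[0]
    return None

def allow_update_connection(host: str, chain_spkis, ca_valid: bool) -> bool:
    """Accept only if ordinary CA validation passed AND, for pinned hosts,
    at least one key in the presented chain matches a pin."""
    if not ca_valid:
        return False
    pins = pins_for(host)
    if pins is None:
        return True  # unpinned host: CA validation is the only gate
    return any(spki_pin(spki) in pins for spki in chain_spkis)

if __name__ == "__main__":
    # Chain that validates to a trusted CA, but not the pinned one.
    print(allow_update_connection("addons.mozilla.org",
                                  [ROGUE_LEAF, OTHER_ROOT], ca_valid=True))
```

The second argument is the list of public keys taken from the chain the server presented; in a real client these come from the TLS library after path validation.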