Tor has beefed up security, but does this make it a safe environment for those looking to be anonymous online?
Tor Browser 7.5 has been released this week complete with a bunch of security fixes that have already been rolled out to the Firefox Extended Support Release (ESR) 52.6 client it is built upon. Firefox ESR is similar to other versions of the Mozilla browser client, but doesn’t update as frequently apart from the regular security updates.
Earlier this month the latest version of Tor itself, 0.3.2.9, was also released and also included a bunch of security updates, including: better crypto, improved directory protocol (less information leakage to directory servers and smaller attack surface for targeted attacks) and better onion address spoofing protection. Security fixes include a denial of service bug using malformed directory objects to “cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal” and another where an attacker could “crash a directory authority using a malformed router descriptor.”