There is a nasty bug in TorBrowser whereby the version of Firefox it uses will NOT update you to the latest version. It literally LIES to you that you have the latest version. My screenshot image above proves this! If that version happens to be Firefox v17.0.6, you are living in Security HELL. Tor is betraying you and letting evil SURVEILLANCE RATS compromise your anonymity. IOW: It's a total Tor FAIL.
Therefore, if you are using TorBrowser v2.3.25-8 or -9 you must MANUALLY go to the Tor website, download the latest version and install it NOW!
Because I attempt to keep this blog on the level of an average Mac user, and because this SEVERE compromising of TorBrowser has been vastly covered elsewhere, I'm not going to provide details here. Instead, here is a series of links describing the problem as well as theories as to who the evil SURVEILLANCE RATS might be:
Tor security advisory: Old Tor Browser Bundles vulnerable
Investigating Security Vulnerability Report
- Mozilla Security Blog
Attackers wield Firefox exploit to uncloak anonymous Tor users
Publicly available exploit threatens all Tor users unless they take action now.
-Dan Goodin @ars technica
Update: Researchers say Tor-targeted malware phoned home to NSA
-Sean Gallagher @ars technica
There we go
by Cryptocloud_Team » 05 Aug 2013 13:34
To the TOR Project:
The TorBrowser project is not working. You have GOT to either keep up with EVERY Firefox update or program in a SERIOUS auto-updating system. REMOVE the LIAR code in your implementation of Firefox that tells the user it is up-to-date with the browser when it is NOT!
IOW: Using TorBrowser is DANGEROUS, potentially a way to HURT users rather than protect them. Therefore, immediate change in the project is REQUIRED NOW. You can't delay and expect TorBrowser to maintain its reputation. It won't. It will be marked as a FAILed project. Consider my warning here as one very deliberate mark AGAINST TorBrowser. I'll continue to rail on about this problem UNTIL you fix it permanently. I'm that vehement about real Internet user security.
Please communicate with me and my Mac security interest group about this situation. We'd be pleased to assist.