Zerodium, a company that buys exploits to sell to government agencies, is offering up to $1 million for zero-days affecting the Tor Browser.
Dr. Neal Krawetz, a computer forensics expert, revealed on Monday several problems with the amount of details the Tor Browser discloses about users, which may allow a determined actor to identify users employing the Tor Browser to surf the Internet.
The way in which Firefox caches intermediate CA certificates allows a third-party to deduce various details about website visitors and also link advertising profiles to private browsing sessions.
Downloading and trying to open Windows DRM-protected files can deanonymize Tor Browser users and reveal their real IP addresses, security researchers from Hacker House have warned.
A team of researchers from universities across the US has identified different fingerprinting techniques that can track users when they use different browsers installed on the same machine.
Mozilla engineers have added a mechanism to Firefox 52 that prevents websites from fingerprinting users using system fonts.
Developers at the Tor Project have started working on a sandboxed version of the Tor Browser, currently available as an early alpha version for Linux systems. Currently, this version is in an early alpha stage, and only available for Linux. There are no binaries available, and users must compile it themselves from the source code.
Mozilla engineers are working on a patch to fix a zero-day exploit that's currently being used to deanonymize Tor Browser users.