HomesecurityTor Browser Update: Fixed a serious vulnerability

Tor Browser Update: Fixed a serious vulnerability

Tor Project released Tor browser version 10.0.18 to fix many bugs, including a vulnerability that allows websites to track users by fingerprinting applications installed on their devices.

Tor Browser

See also: Noyb - Europe: Necessary browser-level control that will end the "nightmare" of cookie consent

In May, the fingerprint company JavaScript FingerprintJS revealed a "flooding" vulnerability that allows users to monitor different browsers based on the applications installed on their device.

To track users, a tracking profile is created for a user trying to open various application URL handlers, such as zoommtg: //, and check if the browser starts a prompt, such as the one for Zoom below.

See also: Vivaldi browser is updated with new features

If the application message is displayed, the application can be considered to be installed on the device. By checking for multiple URL handlers, the vulnerability could generate an ID based on the unique configuration of the installed applications on the user's device.

This ID can then be found in different browsers, such as Google Chrome, Edge, Tor Browser, Firefox, and Safari.

This vulnerability particularly affects Tor users who use the browser to protect their identity and IP address from being logged in to websites. As this vulnerability monitors users in all browsers, it could allow websites, even law enforcement, to track a user's actual IP address when they go to an anonymous browser, such as Google Chrome.

With the release of Tor Browser 10.0.18, the Tor Project introduced a fix for this vulnerability, setting the "network.protocol-handler.external" setting to false.

See also: Vivaldi browser acquires "Cookie Crumbler" function

This default setting will prevent the browser from transferring the handling of a specific URL to an external application and thus no longer activating the application prompts.

Complete changelog

The complete changelog for Tor 10.0.18 is:

All platforms

  • Tor update to


  • Fenix ​​update to 89.1.1
  • NoScript update to 11.2.8
  • Error 40165: Announcing the removal of the v2 onion service in about: tor
  • Error 40166: Hide the "Normal" tab (again) and the Sync tab in TabTray
  • Error 40167: Hide "Save to Collection" in the menu
  • Error 40169: Restarting fenix repairs on fenix v89.1.1
  • Error 40170: Error creating tor-browser-89.1.1-10.5-1
  • Error 40432: Prevent detection of installed applications

Construction system


  • Error 40290: Update mozilla89-based Fenix ​​components

You can upgrade to Tor Browser 10.0.18 by opening the menu, going to Help, and selecting About Tor Browser, which will automatically check and install new updates.

You can also download the latest browser from download page of the Tor browser and from distribution directory.

Source of information:

Teo Ehc
Be the limited edition.