The vulnerability was discovered by an independent cyber security researcher, Roy Jansen.

But their userbase/blog visitors are.

Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site.

Tor Project patches critical XSS bug in its blog after researcher publicly discloses it

The screenshot tweeted included a popup; Jansen says this means that an attacker could also inject malicious JavaScript.

Roy told Techworm that it's good the Tor Project has patched the vulnerability and that a simple thanks would have helped!

@torproject https://t.co/zCfxpvhH5Z

(@RoyJansen_01) February 7, 2016

source: www.techworm.net