[otriv]

The article says:

> This Tor Browser exploit was acquired by Zerodium many months ago as a zero-day and was shared with our government customers.

It's a possibility that it has been used. I'm not sure if a government would buy an exploit and not use it before it's patched, unless they couldn't find any use for it. This exploit is different than the one the FBI used on the child porn site though. They'd need to combine it with something that can bypass the Tor Browser's socks5 setting. It would be a much bigger deal if they had an exploit that could do that.

[djsumdog]

> This exploit is different than the one the FBI used on the child porn site though

I was wondering if this was related to the Playpen case. I thought the FBI refused to release any information on that (and subsequently charged were dropped against several of the people they arrested).

Who has discovered with was the Tor Brower's socks5 setting?

[tgragnato]

The bounty was specifically targeting Tor Browser on Tails and/or Windows 10. This vulnerability affects the security settings at high, so the payouts were 185k for cross platform RCE, and 250k for cross platform RCE+LPE.

> We've launched back in December 2017 a specific and time-limited bug bounty for Tor Browser and we've received and acquired, during and after the bounty, many Tor exploits meeting our requirements

If we have to take their words for granted, "many exploits" probably means they have a LPE too. And when you escalate, you are able to bypass both SOCKS5 and Tails' firewall.