Multiple zero-days in Tor have been disclosed online

After unsuccessfully trying to report bugs to the Tor Project for years, a security researcher has publicly disclosed two zero-day vulnerabilities which impact both the Tor network and the Tor browser.

In two recent blog posts, Dr. Neal Krawetz announced that he has decided to go public with details on multiple zero-days in Tor after the Tor Project failed to address the security issues he reported. Krawetz also plans to reveal at least three more Tor zero-days including one that can be exploited to show the real-world IP addresses of Tor servers.

Source Article