NoScript Vulnerability in Tor Browser

Tor is the system preferred by users who wish to browse the internet anonymously. You can either set Tor up individually on your computer or mobile device, or in conjunction with the Tor Browser.

Tor Browser is careful to maintain your privacy by protecting your IP and fingerprint, which are used to differentiate you from other users. For instance, Tor Browser warns you when you try to maximize the browser window, since you can be tracked based on the viewport size and screen resolution.

Tor Browser might pay extra attention to user privacy, but even Tor developers make mistakes. A 0-Day vulnerability was found in the NoScript extension, which made it possible to expose the identities of Tor liveprivates users. This article explains how this script blocking extension works, and how it exposes the private information of Tor Browser users.
Script Blocking Feature

One security feature of Tor Browser is that it blocks all scripts from loading unless you tell it to do otherwise. Script loading is blocked in all websites, besides the ones you whitelist, using the NoScript extension. This prevents your IP from being exposed by JavaScript code running on the page, such as a WebRTC connection request. All potentially vulnerable content, such as ActiveX controllers and flash objects, will also be blocked.

The activation of NoScript extensions is related to the Content-Type of the page. This is because if the NoScript extension comes across a context that can run scripts, such as a page that has the Content-Type set to text/html, the extension immediately prevents the Javascript code from running.