Zerodium, the infamous exploit vendor that offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a flaw in the anonymous browsing software. The flaw resides in the NoScript browser plugin that comes pre-installed with the Mozilla Firefox bundled in the Tor software. NoScript is a free browser extension that blocks malicious JavaScript, Java, Flash and other potentially dangerous content on all web pages by default. The latest version of Tor browser, i.e., Tor 8.0, is not vulnerable to this flaw, as NoScript plugin designed for the newer version of Firefox is based upon a different API format.
Source: https://thehackernews.com/2018/09/tor-browser-zero-day-exploit.html