HIGH
Tor Browser Launcher Project
CVE published 2017-02-07
CVE-2016-3180
CVE-2016-3180 affects Tor Browser Launcher (torbrowser-launcher) before 0.2.4. During the initial run, a man-in-the-middle attacker could bypass PGP signature verification and cause arbitrary code execution by supplying a trojan horse tar file together with a valid signature file. NVD classifies the issue as high severity and lists version 0.2.3 as vulnerable.