Update: The TOR Project has updated its TorBrowser with a fix for the vulnerability. Users are advised to update to version 6.0.7 of TorBrowser as the vulnerability is actively exploited on Windows, TOR Project developer Georg Koppen said.

He advised Apple macOS / OS X and Linux users to also upgrade their browsers, as the bug affects the anonymising software running on those operating systems as well. But Koppen said there was no current indication that the bug has been exploited on Apple macOS / OS X or Linux.

Koppen said TorBrowser users who set their security slider to “high” are thought to be safe from the Javascript vulnerability.

The patch also updated the NoScript Javascript/Java/Adobe Flash blocker for Firefox to version 2.9.5.2.