au.billion.com website appears to compromise Tor Browser
A Tor vulnerability exists and is being exploited by a website to load content that Tor would normally not permit to load, including fonts. It also appears to break how the internal DOM is displayed in the developer view. Given that it seems to affect Tor Browser at such a low level, I'm of the opinion that at a minimum this vulnerability would compromise an entire session of Tor Browser.
The website in question that runs this exploit is at https://au.billion.com/. After loading the page, please see the developer tools and especially the Console tab. The website itself says it is 'Under Development' and might not function properly, dubious in itself. Some plausible deniability, perhaps?
I have been able to replicate this issue on saved website data that I have stored locally and on a compact disc that I've placed into the possession of a nearby activist. I have informed others, including those involved in anonymous networks, to expect a fix to a problem loosely described, but have stopped short of giving them the offending website. If this issue is not fixed in the production build by June 10 midnight +0000, I/they will have no choice but to reveal the offending website and thus the exploit.
Finder's Bounty (bitcoin://1DtALHLLSP8TVeUEPcaDNuzWn6RRYDpE1H)