Response Modification Attacks

If a malicious node tries to modify the response (of an https connection), would that be blocked by the browser upon receipt? i.e., would it be possible for a malicious node to inject malware into the response that executes before it is blocked by the browser? Is there any risk with file downloads with the same threat vector?

I can see a forged webpage attack here, but can’t find any discussion on what might happen in the case of https?

2 Likes

Not an expert in Tor but I will guess it is not possible for a malicious node to inject something into the stream of https. That’s the whole point of the onion and https. I would think the exit node could inject stuff into an unencrypted http page but the middle and entry nodes could not.

So I agree with your statement “I can see a forged webpage attack here”

Now a malicious site could send malicious content back to you and could have malicious code in a downloaded file. Tor does not protect you from that and was not designed to do that. This is your job and that of your AV.

I’m guessing here using what I read about the internals of Tor. If it’s wrong then someone should enlighten us.

2 Likes
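
A simplified model of the integrity check discussed in this thread, added as an example and not taken from any post here or from Tor or browser code: each record carries a tag that the receiver verifies before handing data to the application, so a record changed in transit aborts the connection instead of reaching the page. The HMAC-only record format, the function names and the sample HTML are assumptions constructed for illustration; real TLS derives its keys in the handshake and uses AEAD ciphers.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size


def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    # The record number is covered too, so records cannot be reordered or replayed.
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: append the tag to the payload."""
    return payload + _tag(key, seq, payload)


def receive(key: bytes, seq: int, record: bytes) -> bytes:
    """Receiver side: verify first, release the payload only if the tag matches."""
    if len(record) < TAG_LEN:
        raise ValueError("record too short")
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, seq, payload)):
        raise ValueError("bad record MAC: connection aborted")
    return payload


def relay_modifies(data: bytes) -> bytes:
    """Constructed stand-in for a relay that alters bytes in transit."""
    return data.replace(b"original", b"replaced")


def deliver(key: bytes, records: list[bytes]) -> tuple[bytes, str]:
    """Feed records to the receiver in order; stop at the first failure."""
    delivered = b""
    for seq, record in enumerate(records):
        try:
            delivered += receive(key, seq, record)
        except ValueError as exc:
            return delivered, str(exc)
    return delivered, "ok"


if __name__ == "__main__":
    key = os.urandom(32)  # assumption: known only to the browser and the site
    body = [b"<h1>original page</h1>", b"<p>original text</p>"]  # constructed
    records = [protect(key, i, chunk) for i, chunk in enumerate(body)]
    print(deliver(key, records))                                   # intact
    print(deliver(key, [records[0], relay_modifies(records[1])]))  # rejected
    print(relay_modifies(body[1]))  # plain HTTP: no tag, change goes unnoticed
```

The model covers only modification between the two endpoints; content that the site itself sends passes the check because it is tagged with the correct key.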