Tor browser as possible attack vector - review/help needed

Hi. My friend is in a kind of stalking or targeted spying situation. A malicious party somehow obtained real-time info about his actions on a desktop. His browsing habits and the traffic capture he did before disconnecting the PC make Tor Browser a main candidate for both an initial attack vector and a data exfiltration path.
OS - Fedora 43 KDE, Wayland 1.24.0-1
Tor Browser 15.0.13 x86_64

I ask for help:

  1. How feasible is such an attack? How much effort would it require?
  2. Do these segfault logs tell anything about attempted malicious actions?
    100 tor browser - JustPaste.it
    102 tor browser - JustPaste.it
    https://justpaste.it/cn9en
    108 tor browser - JustPaste.it
    110 tor browser - JustPaste.it
  3. Can there be any evidence in the OS logs in case a browser exploit was used to access display server data?
  4. What are the ways to prevent such attacks? Browser isolation in a separate VM?