Security firm uses Twitter to disclose critical zero-day flaw in Tor Browser