it's a "known issue" maybe it should be mentioned in the documents with more clarity. it seems the author of this post stumbled over what is well known to many people and then went on a diatribe. looks like he hit a nerve so maybe it's really an issue with documentation. on the other hand people should learn about how to think via threat models. not sure if the tor project should be expected to cover every hypothetical scenario, and if they did would people study it?

You classify it as a threat that is outside the threat model that tor can defend against.

Tor is a tool like any other. It has certain strengths and certain weaknesses. When you're evaluating any security product you always have to determine if the security properties the tool provides match up with the security properties you need. Tor is no different.

As a PhD student my main topic was the period of time just after the disclosure of a vulnerability. This is the most threatening stage of its life cycle as mitigations are not disseminated in the community yet (a patch may be available but nobody installed it yet, etc.).

We struggled to find a commonly accepted term for vulnerabilities at this stage of their life cycle, but we finally settled on n-day vulnerability. This term have been relatively well accepted by the vulnerability research community.

The exact length of this period is completely dependent on the velocity of the community to adopt a mitigation such as a patch. Heartbleed and Shellshock had been massively mitigated in a matter of days or weeks, but EternalBlue based-attacks still caught a lot of production systems off-guard more than a year after its disclosure.

For what it's worth, until the widespread dissemination of auto-updaters, into the mid-late 2000's, you were describing most vulnerabilities. Most things stayed highly exploitable for a very long time. We didn't have a special name for them.