Connect with us

Hi, what are you looking for?

The American GeniusThe American Genius

Tech News

Mozilla rushes to patch Firefox zero-day exploit used to unmask Tor browser users

(TECH NEWS) Mozilla (Firefox) engineers quickly responded to and are working to patch a zero-day exploit that is being used de-anonymize The Onion Router (Tor) users.

Published

firefox

First responders

The bug was first made public on a Tor mailing list at 21:55:23 UTC 2016 on Tuesday and was quickly confirmed by Tor co-founder Roger Dingledine. Dingledine announced shortly the vulnerability had been initially discovered that Mozilla security engineers were actively working on a fix.

bar
As of 12:45 p.m. ET, Mozilla had released Firefox 50.0.01 to patch the bug, although a Tor browser update is still needed. Dingledine said in a message board post that after Mozilla released its patch, “then the step after that is a quick Tor Browser update.”.

The bug was believed to affect multiple Windows versions of Firefox, including the current version 50 and going back as far as version 41. The exploit code is a combination of HTML, CSS, and JavaScript and when hosted on a website and accessed through Firefox or Tor, would construct an SVG file that would trigger vulnerability that could send details about the user’s computer and connection to to a remote server.

The collected data included the user’s IP address and hostname.

Similarities to previous bugs

Analysis of the exploit is still underway, but the code appears to be similar to a 2013 Javascript zero-day in which attack code could be used to find a Tor user’s real IP address and relay it back to a server.

bar
That exploit was implemented by the United States Federal Bureau of Investigation in attempts to track down Tor users using the browser to access child pornography.

It is not known who is behind the current exploit.

What to do

Although a patch has been released, it is still recommended that Firefox users temporarily switch to an alternate browser such as Chrome or Safari when possible. Alternatively, they are advised to temporarily disable JavaScript on Firefox for as many sites as possible. Tor users are also recommended to turn off JavaScript, although disabling it goes against the official Tor recommendations.

Although it appears that the exploit currently only targets Firefox on Windows, security Dan Guido, noted on Twitter that macOS users of Firefox are also vulnerable.

Advertisement. Scroll to continue reading.

#FirefoxExploit

In this article:, , , , , , , ,
Written By

Brian is a staff writer at The American Genius who lives in Brooklyn, New York. He is a graduate of Washington University in St. Louis, and majored in American Culture Studies and Writing. Originally from California, Brian has a podcast, "Revolves Around Me," and enjoys public transportation, bicycles, the beach.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisement

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

we respect your privacy and take protecting it seriously

Advertisement

KEEP READING!

Twitter hacked again? Twitter hacked again?

Tech News

400M Twitter users’ data in one hacker’s hands? Steps to take now

Is the bird out of the bag? One hacker claims to have jacked over 400 MILLION folks' Twitter info… This is huge if true!

December 27, 2022
Woman confused at computer representing small business owner's being hacked at Meta. Woman confused at computer representing small business owner's being hacked at Meta.

Social Media

Meta deletes small business pages due to pre-holiday hacking

Due to a sophisticated pre-holiday attack on small businesses on Meta platforms, some owners are left in the dark.

November 29, 2022
Lock in computer keys representing cyberwarfare, cyber attacks, and threats against Cybersecurity.. Lock in computer keys representing cyberwarfare, cyber attacks, and threats against Cybersecurity..

Business News

Cybersecurity: Russia cyberattacks pose concerns for US hacking red lines

(BUSINESS) Governments are beefing up their cybersecurity in the midst of Russian cyberattacks. What does this mean for the US's hacking red lines?

May 11, 2022
Person open on hacking computer screen, typing on keyboard. Person open on hacking computer screen, typing on keyboard.

Business News

Ticketmaster caught red-handed hacking, hit with major fines

(BUSINESS NEWS) Ticketmaster has agreed to pay $10 million to resolve criminal charges after hacking into a competitor’s network specifically to sabotage.

January 5, 2021
Advertisement

The American Genius is a strong news voice in the entrepreneur and tech world, offering meaningful, concise insight into emerging technologies, the digital economy, best practices, and a shifting business culture. We refuse to publish fluff, and our readers rely on us for inspiring action. Copyright © 2005-2022, The American Genius, LLC.