Connect with us

Hi, what are you looking for?

The American GeniusThe American Genius

Tech News

Mozilla rushes to patch Firefox zero-day exploit used to unmask Tor browser users

(TECH NEWS) Mozilla (Firefox) engineers quickly responded to and are working to patch a zero-day exploit that is being used de-anonymize The Onion Router (Tor) users.

firefox

First responders

The bug was first made public on a Tor mailing list at 21:55:23 UTC 2016 on Tuesday and was quickly confirmed by Tor co-founder Roger Dingledine. Dingledine announced shortly the vulnerability had been initially discovered that Mozilla security engineers were actively working on a fix.

bar
As of 12:45 p.m. ET, Mozilla had released Firefox 50.0.01 to patch the bug, although a Tor browser update is still needed. Dingledine said in a message board post that after Mozilla released its patch, “then the step after that is a quick Tor Browser update.”.

The bug was believed to affect multiple Windows versions of Firefox, including the current version 50 and going back as far as version 41. The exploit code is a combination of HTML, CSS, and JavaScript and when hosted on a website and accessed through Firefox or Tor, would construct an SVG file that would trigger vulnerability that could send details about the user’s computer and connection to to a remote server.

The collected data included the user’s IP address and hostname.

Similarities to previous bugs

Analysis of the exploit is still underway, but the code appears to be similar to a 2013 Javascript zero-day in which attack code could be used to find a Tor user’s real IP address and relay it back to a server.

bar
That exploit was implemented by the United States Federal Bureau of Investigation in attempts to track down Tor users using the browser to access child pornography.

It is not known who is behind the current exploit.

What to do

Although a patch has been released, it is still recommended that Firefox users temporarily switch to an alternate browser such as Chrome or Safari when possible. Alternatively, they are advised to temporarily disable JavaScript on Firefox for as many sites as possible. Tor users are also recommended to turn off JavaScript, although disabling it goes against the official Tor recommendations.

Advertisement. Scroll to continue reading.

Although it appears that the exploit currently only targets Firefox on Windows, security Dan Guido, noted on Twitter that macOS users of Firefox are also vulnerable.

#FirefoxExploit

Written By

Brian is a staff writer at The American Genius who lives in Brooklyn, New York. He is a graduate of Washington University in St. Louis, and majored in American Culture Studies and Writing. Originally from California, Brian has a podcast, "Revolves Around Me," and enjoys public transportation, bicycles, the beach.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisement

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Advertisement

KEEP READING!

Social Media

Due to a sophisticated pre-holiday attack on small businesses on Meta platforms, some owners are left in the dark.

Business News

(BUSINESS) Governments are beefing up their cybersecurity in the midst of Russian cyberattacks. What does this mean for the US's hacking red lines?

Business News

(BUSINESS NEWS) Ticketmaster has agreed to pay $10 million to resolve criminal charges after hacking into a competitor’s network specifically to sabotage.

Tech News

(TECH NEWS) In the rush to transition to remote working environments, one important component was left out: cybersecurity. What can we do about it...

The American Genius is a strong news voice in the entrepreneur and tech world, offering meaningful, concise insight into emerging technologies, the digital economy, best practices, and a shifting business culture. We refuse to publish fluff, and our readers rely on us for inspiring action. Copyright © 2005-2022, The American Genius, LLC.