Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Mozilla fixes zero-day Firefox bug used to attack Tor users

2 min. read

Updated onDecember 3, 2016

updated onDecember 3, 2016

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

TheTor browseris the most widely used privacy tool to browse the Internet anonymously. The Tor Project built the network partially on open source code similar to an old version ofFirefox. Exploit a vulnerability in that Firefox version and you unmask the otherwise anonymous Tor users. That’s what happened with Mozilla’s popular browser this week, and the organization was quick to roll out an update that fixes the zero-day vulnerability.

A public Tor Project mailing list revealed the bug which prompted Mozilla to update Firefox to version 50.0.2. The Tor Project team also issued patches for the Tor browser that now bumps it up to version 6.0.7. While The Tor Project believes the vulnerability has affected only the Windows users, it is also possible that the bug has hit macOS and Linux users as well.

The zero-day vulnerability also affected Mozilla’s Thunderbird e-mail application and the Firefox Extended Support release version. Daniel Veditz, Mozilla’s security team lead, wrote in a blog post:

The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code. It used this capability to collect the IP and MAC address of the targeted system and report them back to a central server.

A serious threat

If an attacker can lure a user into visiting a malicious web content, it is possible to remotely execute arbitrary code on the system by taking advantage of the vulnerability.

Security experts believe the exploit is similar to a Firefox flaw the FBI used in 2003 to identify visitors to a child-abuse site. Veditz wrote that the threat now poses a serious threat to privacy if a government agency indeed built it.

This similarity has led to speculation that this exploit was created by FBI or another law enforcement agency.

Read also:

More about the topics:Firefox guides,Tor Browser

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Radu Tyrsina