Stories
Slash Boxes
Comments

SoylentNews is people

Firefox Zero-Day Exploit is Being Used to Attack Tor Users

posted by janrinok on Wednesday November 30 2016, @10:32AM   Printer-friendly
from the check-your-security dept.

An Anonymous Coward writes:

Drive-by web nasty unmasks Tor Browser users, Mozilla dashes to patch zero-day vuln

"Mozilla is scrambling to patch a vulnerability in Firefox that is apparently being exploited in the wild to unmask Tor Browser users.

Earlier today, a small package of SVG, JavaScript and x86 code popped up on a Tor mailing list that, when opened by Firefox or Tor Browser on a Windows PC, phones home to a remote server and leaks the user's MAC address, hostname and potentially their public IP address. Typically, this exploit would be embedded in a webpage and leap into action when opened by an unsuspecting visitor."

http://www.theregister.co.uk/2016/11/30/possible_tor_browser_decloak_zero_day_dropped_patch_in_works/
https://web.archive.org/web/20161130072235/http://www.theregister.co.uk/2016/11/30/possible_tor_browser_decloak_zero_day_dropped_patch_in_works/

Firefox 0day in the wild is being used to attack Tor users

The malicious payload it delivers, according to an independent researcher who goes by the Twitter handle @TheWack0lian, is almost identical to one that was used in 2013 to deanonymize people visiting a Tor-shielded child pornography site. The FBI ultimately acknowledged responsibility for the exploit, which was embedded in Web pages served by a service known as Freedom Hosting.

http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/
https://web.archive.org/web/20161130031656/http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/

[tor-talk] Javascript exploit

"This is an Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP."

https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html
https://web.archive.org/web/20161130003501/https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html

[Editor's Note: The reporting only mentions Windows PCs, but it might not be limited to this OS.]

Original Submission

 
This discussion has been archived. No new comments can be posted.
Firefox Zero-Day Exploit is Being Used to Attack Tor Users | Log In/Create an Account | Top | 24 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by jmorris on Wednesday November 30 2016, @04:44PM

    by jmorris (4844) on Wednesday November 30 2016, @04:44PM (#434987)

    Yup. Obviously Firefox is allowing outside content to trigger execution to jump somewhere it shouldn't. On Windows they are using that first exploit to get into the win32 APIs, since that is the way to get to the goodies on a Windows PC. But if that first Firefox bug is also exploitable on Linux they will quickly be injecting an exploit that will call into glibc if the browser detection shows Linux.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2