
SoylentNews is people

posted by janrinok on Friday December 02 2016, @01:06PM
from the stay-safe dept.

ThreatPost reports that Mozilla Patches Firefox Zero day Used to Unmask Tor Browser Users:

As expected, Mozilla released a new version of Firefox on Wednesday to address a zero-day vulnerability that was actively being exploited to de-anonymize Tor Browser users.

The vulnerability, disclosed on a public Tor Project mailing list late Tuesday night, forced the Tor Project to also issue an emergency update (6.0.7) in its Tor Browser – which is partially built on open source Firefox code – on Wednesday.

According to Daniel Veditz, who leads Mozilla's security team, Firefox users should have their browsers automatically updated at some point over the next 24 hours. If they'd rather not wait, users can download the updated versions – Firefox 50.0.2, Firefox ESR 45.5.1, and Thunderbird 45.5.1 – manually.

[...] "The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code. It used this capability to collect the IP and MAC address of the targeted system and report them back to a central server. While the payload of the exploit would only work on Windows, the vulnerability exists on Mac OS and Linux as well," Veditz wrote.

Please be aware that the bug also affected the Thunderbird e-mail client.

Other reports can be found at Ars Technica and Security Focus.

The CVE (Common Vulnerabilities and Exposures) report is available at: CVE-2016-9079



 
  • (Score: 1, Interesting) by Anonymous Coward on Saturday December 03 2016, @04:22AM (#436389)

    FTFA: "Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well."

    i.e. it's not being exploited *widely* but it sure as hell is being exploited now, the cat's out of this bag.
