SoylentNews

An Anonymous Coward writes:

= Drive-by web nasty unmasks Tor Browser users, Mozilla dashes to patch zero-day vuln

"Mozilla is scrambling to patch a vulnerability in Firefox that is apparently being exploited in the wild to unmask Tor Browser users.

Earlier today, a small package of SVG, JavaScript and x86 code popped up on a Tor mailing list that, when opened by Firefox or Tor Browser on a Windows PC, phones home to a remote server and leaks the user's MAC address, hostname and potentially their public IP address. Typically, this exploit would be embedded in a webpage and leap into action when opened by an unsuspecting visitor."

http://www.theregister.co.uk/2016/11/30/possible_tor_browser_decloak_zero_day_dropped_patch_in_works/ [theregister.co.uk]
https://web.archive.org/web/20161130072235/http://www.theregister.co.uk/2016/11/30/possible_tor_browser_decloak_zero_day_dropped_patch_in_works/ [archive.org]

= Firefox 0day in the wild is being used to attack Tor users

http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/ [arstechnica.com]
https://web.archive.org/web/20161130031656/http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/ [archive.org]

= [tor-talk] Javascript exploit

"This is an Javascript exploit actively used against TorBrowser NOW. It
consists of one HTML and one CSS file, both pasted below and also
de-obscured. The exact functionality is unknown but it's getting access to
"VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP."

https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html [torproject.org]
https://web.archive.org/web/20161130003501/https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html [archive.org]

Original Submission