Firefox 0-day used to attack Windows Tor users

An example of the payload, which is used to target Tor users on a massive scale, is accessible here: Tor exploit. It consists of one HTML file and one CSS file, which are used to get access to "VirtualAlloc" in "kernel32.dll".

Image of Tor exploit

Mozilla and Tor released a patch

Mozilla and Tor developers have published browser updates that patch this critical vulnerability. A Tor official wrote in this Tor Advisory: "The security flaw responsible for this urgent release is already actively exploited on Windows systems". Tor released an update of NoScript, a Firefox extension that allows users to restrict the execution of JavaScript in the browser. Thunderbird has also released a security fix.

Who benefits from this vulnerability

On the web, some people have said that the FBI created the exploit to get the identity of some Tor users. The FBI used this kind of modus operandi in 2013 (Wired.com) and in 2015 (Arstechnica.com).

Update Firefox and Tor

If you are a Firefox or Tor user, you should update them now. The Firefox security release lists the fix for a Firefox SVG Animation Remote Code Execution vulnerability. The Tor security release states: "The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect."

Adrien