A zero-day exploit for the Firefox browser is being used in the wild to de-anonymize Tor users by executing malicious code on the victim’s machine. However, all internet users running the Firefox browser are vulnerable to this zero-day exploit.
The vulnerability was first identified on Tor’s official blog; the post pointed out a JavaScript exploit that is actively used against the Tor Browser to unmask its users.
“This is a Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown, but it’s getting access to “VirtualAlloc” in “kernel32.dll” and goes from there. Please fix ASAP. I had to break the “thecode” line in two to post, remove ‘ + ‘ in the middle to restore it.” reads the post.
Roger Dingledine, Tor co-founder, confirmed the news of the zero-day exploit and announced that the Mozilla security team is working on a fix for the bug.
The zero-day is a memory corruption vulnerability that is exploited to execute malicious code on Windows operating systems.
A security researcher, Raylee, explained that the exploit is quite similar to the one that was used by law enforcement in 2013 to expose the users of a site serving illicit material hosted on Freedom Hosting.
“It’s almost the same as the payload used in 2013,” Raylee told Ars Technica. “It exploits some vulnerability that executes code very similar to that used in the 2013 Tor browser exploit. Most of the code is identical; just small parts have changed.”
According to another security researcher, Joshua Yabut, the zero-day exploit triggers a heap overflow vulnerability and needs JavaScript enabled on the victim’s machine.
The exploit code can target Firefox versions 41 to 50, which means that attackers have enhanced their malicious code over time.
Moreover, the public disclosure of the malicious JavaScript code could allow attackers in the wild to track Tor users.
While Mozilla is working on the patch, users should avoid using Tor to protect their identity, and it is also suggested that they disable JavaScript.
About the Author
Peter Buttler is an Infosec Journalist and Tech Reporter and a member of the IDG Network. In 2011, he completed a Masters in Cybersecurity and technology. He has worked for leading security and tech giants as a Staff Writer. Currently, he contributes to a number of online publications, including The Next Web, CSO Online, Infosecurity Mag, SC Magazine, Tripwire, GlobalSign, CSO Australia, etc. His favorite areas are Online Privacy, AI, IoT, VR, Blockchain, Big Data, ML, Fintech, etc. You can follow him on Twitter.