Mozilla Firefox Zero-Day Exploit Exposes Tor Users

Last updated: July 5, 2023

A zero-day exploit for the Firefox browser is in the wild and is being used by hackers to de-anonymize people who are using Tor by executing malicious code on the victim’s machine. However, all internet users running the Firefox browser, not only Tor users, are vulnerable to this zero-day exploit.

The vulnerability was first identified in a post on Tor’s official blog, which pointed out a JavaScript exploit that is actively used against the Tor Browser to unmask its users.

“This is a Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown, but it’s getting access to “VirtualAlloc” in “kernel32.dll” and goes from there. Please fix ASAP. I had to break the “thecode” line in two to post, remove ‘ + ‘ in the middle to restore it.” reads the post.

Roger Dingledine, Tor co-founder, confirmed the news of the zero-day exploit and announced that the Mozilla security team is working on a fix for the bug.

The zero-day is a memory corruption vulnerability whose exploit executes malicious code on Windows operating systems.