Mozilla and Tor Browsers Vulnerability

Popular articles

02 / 12 / 2016

Mozilla and Tor Browsers Vulnerability

If you use the Firefox and Tor browsers, better update them.

Firefox and Tor developers have reported a 0-day vulnerability that transmits user data to a remote server in Portugal. The vulnerability is leaking such details as host name, MAC address, and public IP address.

Simply put, anyone who wants to see your hidden web activity, may use this exploit on their website to tie your real IP number to your activities on the dark web.

Information about the vulnerability appeared in the email of the Tor project from an anonymous sender. The email contains SVG and JavaScript with the following message:

“This is a JavaScript exploit actively used against Tor Browser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP. I had to break the "thecode" line in two in order to post, remove ' + ' in the middle to restore it.“

Emergency patch fixes were started within a half an hour after the email had been received on Mozilla’s and Tor’s sides. The fixes were delivered as soon as possible.

As the exploit examination shows, the way how Mozilla reads and displays the configured SVG files may call the UAF (use-after-free) vulnerability.

Use-After-Free vulnerability is a type of memory corruption flaw that refers to an attempt to access memory after it has been freed. This can cause a program to crash or, in the case of a Use-After-Free flaw, potentially result in the execution of arbitrary code or even full remote code.

Mozilla and Tor have already released security updates. MacKeeper suggests that you immediately update the browsers:

Update Firefox

Update Tor