Mozilla Patches Firefox Zero Day Used to Unmask Tor Browser Users

As expected, Mozilla released a new version of Firefox on Wednesday to address a zero-day vulnerability that was actively being exploited to de-anonymize Tor Browser users.
The vulnerability, disclosed on a public Tor Project mailing list late Tuesday night, forced the Tor Project to also issue an emergency update (6.0.7) to its Tor Browser – which is partly built on open source Firefox code – on Wednesday.
According to Daniel Veditz, who leads Mozilla’s security team, Firefox users should have their browsers automatically updated sometime over the next 24 hours.
If they’d rather not wait, users can download the updated versions – Firefox 50.0.2, Firefox ESR 45.5.1, and Thunderbird 45.5.1 – manually.

Firefox users should update to get critical vulnerability fix
— Daniel Veditz (@dveditz) November 30, 2017

The problem, a use-after-free vulnerability, technically existed in an object, nsSMILTimeContainer, which is used to facilitate SVG animation in Firefox.

Assuming an attacker could trick a user into visiting specially crafted web content, they could have leveraged the vulnerability to remotely execute arbitrary code on the system.
Veditz said Wednesday afternoon that because of the way the vulnerability behaved, it was collecting IP and MAC addresses thought to be private and forwarding them back to a central server.
“The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code.
It used this capability to collect the IP and MAC address of the targeted system and report them back to a central server. While the payload of the exploit would only work on Windows, the vulnerability exists on Mac OS and Linux as well,” Veditz wrote.
Veditz said many security researchers surmised on Twitter Wednesday that the way the Tor vulnerability worked was similar to the way the FBI de-anonymized Tor users in 2017. While Veditz stopped short of saying the exploit was created by the FBI or law enforcement, he did float the idea and warned how it could pose a serious threat to privacy.
“As of now, we do not know whether this is the case.
If this exploit was in fact developed and deployed by a government agency, the fact that it has been published and can now be used by anyone to attack Firefox users is a clear demonstration of how supposedly limited government hacking can become a threat to the broader Web,” Veditz said.