Update your web browser! This exploited bug puts you at serious risk

Mozilla Firefox users, and more specifically, Tor users, update your browsers now! An emergency patch has been released to address a zero-day vulnerability that is already being exploited by hackers to unmask Tor Browser users.

The Tor Browser is used for anonymizing web activity and it is partially based on open-source Firefox code.

The critical security bug is reported to be a use-after-free vulnerability in how Firefox handles SVG animations. An attacker could exploit it through a malicious link or website to execute code remotely.

The attacker could then identify the user's IP and MAC addresses and forward them to a command and control server. This exploit is said to be similar to the technique used by the FBI in 2013 to unmask anonymous visitors of a child pornography website.

However, the server used in the current attack points to an IP address located in France, and it is unlikely that the FBI or another U.S.-based agency is behind it.

Additionally, while the exploit targets an SVG bug, it requires JavaScript to be enabled in the browser. Turning JavaScript off for maximum security while browsing with Tor is the recommended setting anyway.

According to the Tor Project:

"The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect."

Firefox users should update to Firefox version 50.0.2 or Firefox ESR 45.5.1, and Thunderbird users to Thunderbird 45.5.1, since the flaw affects Mozilla's email client too. Firefox should automatically update itself to the newest version after a browser restart.

Emergency update 6.0.7 for the Tor Browser is likewise available for download, so if you use this software regularly, please update as soon as you can.

To read the release details about the Tor Browser update 6.0.7, click here.

For Mozilla's security advisory about the emergency patch, visit this page.
