Firefox rushes to fix critical vulnerability that could be used to expose anonymous Tor users

Firefox rushes to fix critical vulnerability that could be used to expose anonymous Tor users

Firefox rushes to fix critical vulnerability that could be used to expose anonymous Tor users

Firefox rushed to fix a critical vulnerability in its browser that could potentially be used to find out the identities of those using the anonymising network, Tor. Tor is a browser that allows for anonymous web surfing, and supports use of its anonymising network by third party browsers.

Firefox published an advisory for the vulnerability alerting users of a threat to their privacy, and then quickly went on to release a fix for the vulnerability.

Read more   ↓
 Users can install the latest version of Firefox manually, or wait for the update to be installed automatically, which usually happens within twenty four hours of a new release. Mozilla was provided with the vulnerability, which was later posted on a Tor usergroup.

A bug in Firefox could be used to load a web site containing malicious JavaScript and SVG code. Arbitrary code could be executed on the machine of the user through this exploit. In a particular implementation, the malicious code had the capability to find out the IP and MAC addresses of the user, compromising user anonymity.

The payload was known to work only on Windows machines, but the vulnerability existed on Mac and Linux systems as well. The exploit works similar to the “Network Investigative Technique” previously used by the FBI to gather evidence against a child porn ring.

The similarity has lead Firefox to suspect that this exploit was also developed by government sponsored agencies. If that is the case, Firefox says that the exploit getting into the wild brings to focus the dangers posed to the larger web because of state sponsored tools.

Source by firstpost….

Share:

loading...

You may also like...