3 Apprentice

15.2K Posts

November 30th, 2016 04:00

Firefox 50.0.2 patches actively-attacked 0-day Javascript vulnerability

The following information was excerpted from http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/

and http://www.itnews.com.au/news/firefox-javascript-zero-day-under-active-exploit-443050?

A Javascript zero-day vulnerability affecting the Mozilla Firefox web browser is currently being actively exploited against The Onion Router (TOR) anonymising network users by unknown attackers.

The exploit causes memory corruption and executes attack code that would find a TOR user's real IP address and network adapter MAC identifier, and relay it back to a server in France.

A representative of Mozilla said officials are aware of the vulnerability and are working on a fix.

Until a patch is available, Firefox users should use an alternate browser whenever possible, or they should at the very least disable JavaScript on as many sites as possible. People should avoid relying on Tor in cases where deanonymizing attacks could pose a significant threat.

November 30th, 2016 14:00

Firefox 50.0.2 has been released (https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/), which indeed patches the vulnerability discussed above: http://arstechnica.com/security/2016/11/tor-releases-urgent-update-for-firefox-0day-thats-under-active-attack/

Firefox SVG Animation Remote Code Execution

Announced: November 30, 2016
Products: Firefox, Firefox ESR, Thunderbird
Fixed in:
  • Firefox 50.0.2
  • Firefox ESR 45.5.1
  • Thunderbird 45.5.1

CVE-2016-9079: Use-after-free in SVG Animation

Reporter: Obscured Team
Impact: critical
Description:

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.

November 30th, 2016 15:00

For those wondering, people running Malwarebytes Anti-Exploit were already protected against this 0day.

https://blog.malwarebytes.com/threat-analysis/2016/11/tor-browser-zero-day-strikes-again/
