Firefox 0day in the wild is being used to attack Tor users
Firefox 0day in the wild is being used to attack Tor users
Firefox 0day in the wild is being used to attack Tor users
Publicly released exploit works reliably against a wide range of Firefox versions.
Dan Goodin - Nov 30, 2016 1:50 am UTC
There's a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday.
Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website. It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch. ...
http://arstechnica.com/security/2016/11 ... d-in-2013/
Publicly released exploit works reliably against a wide range of Firefox versions.
Dan Goodin - Nov 30, 2016 1:50 am UTC
There's a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday.
Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website. It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch. ...
http://arstechnica.com/security/2016/11 ... d-in-2013/
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46 Lightning/.4.46
Re: Firefox 0day in the wild is being used to attack Tor use
IIUC from the article, only Firefox on Windows is being exploited. But is the vulnerability in question specific to Windows Firefox, or does it apply to Linux64 as well?
*Always* check the changelogs BEFORE updating that important software!
-
Re: Firefox 0day in the wild is being used to attack Tor use
Well, the specific real-world exploit targeted Windows components. There's not enough detail to say whether it could have targeted *nix, or whether the bug wouldn't apply there.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Re: Firefox 0day in the wild is being used to attack Tor use
*Always* check the changelogs BEFORE updating that important software!
-
Re: Firefox 0day in the wild is being used to attack Tor use
.. and the fix is now released -
https://www.mozilla.org/firefox/50.0.2/releasenotes/
https://www.mozilla.org/firefox/45.5.1/releasenotes/
https://www.mozilla.org/firefox/50.0.2/releasenotes/
https://www.mozilla.org/firefox/45.5.1/releasenotes/
*Always* check the changelogs BEFORE updating that important software!
-
Re: Firefox 0day in the wild is being used to attack Tor use
http://arstechnica.com/security/2016/11 ... ve-attack/
No, the vuln is not Windows-specific.
No, the vuln is not Windows-specific.
*Always* check the changelogs BEFORE updating that important software!
-
Re: Firefox 0day in the wild is being used to attack Tor use
So NoScript appears to block the exploit (well at least I can't get [SeaMonkey 2.46] to crash with NoScript installed [& it does otherwise] [& at least with the testcase I used).
Not sure why it does, but not going to argue about that.
BTW, FF 50.0.2 crashes the tab, SeaMonkey crashes the browser.
(Multiprocess enabled in FF.)
Not sure why it does, but not going to argue about that.
BTW, FF 50.0.2 crashes the tab, SeaMonkey crashes the browser.
(Multiprocess enabled in FF.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46 Lightning/.4.46
Re: Firefox 0day in the wild is being used to attack Tor use
The bug relies on JavaScript to work. If you leave the test site blocked, you've disarmed it.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Re: Firefox 0day in the wild is being used to attack Tor use
Pisses me off that so many websites today are deepthroating javascript and are totally refusing to run without it.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
Re: Firefox 0day in the wild is being used to attack Tor use
You can sometimes fight back with surrogate scripts.Lurion wrote:totally refusing to run without it.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
-
- Junior Member
- Posts: 49
- Joined: Wed Feb 20, 2013 1:49 pm
Re: Firefox 0day in the wild is being used to attack Tor use
Is that post still accessible? Did it contain the actual testcase?therube wrote:(..)
Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website. It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch. ...
Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Firefox 0day in the wild is being used to attack Tor use
https://lists.torproject.org/pipermail/ ... 42639.htmljohnscript wrote:Is that post still accessible? Did it contain the actual testcase?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0
-
- Junior Member
- Posts: 49
- Joined: Wed Feb 20, 2013 1:49 pm
Re: Firefox 0day in the wild is being used to attack Tor use
Thanks, Giorgio - I was looking in the wrong place.
It states
If so, do we have any names for such websites - or was it some kind of attack that could happen on any website really ?
It states
I'll admit my ignorance here: these files weren't just floating around somewhere on the internet, for them to work they had to be maybe injected in some websites, either on the fly by MTM or tampering with these websites, right?it consists of one HTML and one CSS file
If so, do we have any names for such websites - or was it some kind of attack that could happen on any website really ?
Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Firefox 0day in the wild is being used to attack Tor use
I don't know for sure, since the original reported didn't tell where he found it, but by the look of the payload it seems a state-sponsored exploit and therefore it could be injected in any non-encrypted web page given a cooperative ISP.johnscript wrote:these files weren't just floating around somewhere on the internet, for them to work they had to be maybe injected in some websites, either on the fly by MTM or tampering with these websites, right?
If so, do we have any names for such websites - or was it some kind of attack that could happen on any website really ?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0