Hackers are actively exploiting a zero-day vulnerability in Firefox to unmask Tor Browser users, similar to what the FBI exploited during an investigation of a child pornography website.
Firefox Zero-Day Flaw To Expose Tor Users
Zero-day vulnerabilities are the most dangerous kind of flaw a program or service can have. These are failures that are not known to the vendor but are held by attackers, who can use them for malicious purposes. It is even more serious when the flaw affects “Tor”, supposedly the safer anonymity network.
The Onion Router (Tor) is anonymity software that provides a safe haven for human rights activists, journalists and government officials. But it is also a place where drugs, assassins for hire, child pornography and other illegal activities have allegedly been traded.
The exploit was recently made public on the Tor blog so that Mozilla developers could remedy it as soon as possible. The publication stated that ‘we are facing an exploit of JavaScript and is being used at this moment against the Tor Browser’. The fact that the vulnerability has been made public makes it even more dangerous until Mozilla releases a fix, since it is now available to any potential attacker.
Like many exploits, it takes advantage of a memory corruption bug that allows malicious code to be injected and run on computers running Windows. The exploit is virtually identical to one used by the FBI in 2013 to deanonymize users who visited a pedophilia site hosted by a service called Freedom Hosting. In fact, the code is virtually the same, with changes only in a few small parts, according to the user who discovered it.
Specifically, when the exploit runs in Firefox or the Tor Browser with JavaScript enabled on Windows, it takes advantage of the memory corruption and calls the kernel32.dll file on the Windows system, allowing malicious code to be executed remotely on Microsoft’s operating system.
The data of infected users was sent through port 80 to a server whose IP address is 5.39.27.226, a remote server hosted in a virtual machine at OVH, a French hosting service. The server is no longer responding at the time of writing.
The Tor Project lead, Roger Dingledine, said: “So it sounds like the immediate next step is that Mozilla finishes their patch for it then…a quick Tor Browser update and somewhere in there people will look at the bug and see whether they think it really does apply to Tor Browser”.
The vulnerability affects all Windows users running Firefox versions 41 to 50. That is why it also affects the Tor Browser, which is currently based on version 45 (Firefox 45.5.0esr). Therefore, users must use another browser for now, until Mozilla fixes this bug, or at least disable JavaScript in Firefox on all pages and avoid using Tor until the fix is released.