Mozilla and Tor Warn of Critical Firefox Vulnerability, Urge Users to Update - MacRumors
Skip to Content

Mozilla and Tor Warn of Critical Firefox Vulnerability, Urge Users to Update

by

Mozilla and Tor have published browser updates to patch a critical Firefox vulnerability used to deanonymize users (via ArsTechnica).

Privacy tool Tor is based on the open-source Firefox browser developed by Mozilla, which received a copy of the previously unknown JavaScript-based attack code yesterday. Mozilla said in a blog post that the vulnerability had been fixed in a just-released version of Firefox for mainstream users.

tor-firefox-logo
The code execution flaw was reportedly already being exploited in the wild on Windows systems, but in an advisory published later on Wednesday, Tor officials warned that Mac users were vulnerable to the same hack.

"Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately."

The exploit is capable of sending the user's IP and MAC address to an attacker-controlled server, and resembles "network investigative techniques" previously used by law-enforcement agencies to unmask Tor users, leading some in the developer community to speculate that the new exploit was developed by the FBI or another government agency and was somehow leaked. Mozilla security official Daniel Veditz stopped short of pointing the finger at the authorities, but underlined the perceived risks involved in attempts to sabotage online privacy.

"If this exploit was in fact developed and deployed by a government agency, the fact that it has been published and can now be used by anyone to attack Firefox users is a clear demonstration of how supposedly limited government hacking can become a threat to the broader Web."

The Firefox attack code first circulated on Tuesday on a Tor discussion list and was quickly confirmed as a zero-day exploit – the term given to vulnerabilities that are actively used in the wild before the developer has a patch in place.

The latest Tor update that fixes the vulnerability is version 6.0.7 and can be downloaded here.

Vanilla Firefox users can download the update to their browser manually from here.

Tags: Apple Privacy, Firefox, Tor Browser

Top Rated Comments

MacBH928 Avatar
MacBH928
123 months ago
I don't know who these people who work to assure our privacy and give us products for free... but thank you!
Score: 6 Votes (Like | Disagree)
Krafty Avatar
Krafty
123 months ago
People still use Mozilla?
Yes, we do.
Score: 5 Votes (Like | Disagree)
M
Michaelgtrusa
123 months ago
Firefox is still a great browser and yes, I still use it.
Score: 4 Votes (Like | Disagree)
R
Rigby
123 months ago
Mozilla, please make sure you update your ESR versions as well for those of us who are unable to run you latest release on perfectly good devices.
Firefox ESR 45.5.1 ('https://www.mozilla.org/en-US/firefox/45.5.1/releasenotes/') includes the security fix.
This includes iOS users as well that can't run iOS 9 & 10. Thank you.
I doubt the iOS version is affected, as it uses Apple's Webkit layout engine rather than Mozilla's Gecko (which is used in the desktop version).
Score: 3 Votes (Like | Disagree)
miknos Avatar
miknos
123 months ago
If you need to use TOR, disable javascript.
Score: 3 Votes (Like | Disagree)
Kajje Avatar
Kajje
123 months ago
I've downloaded 50.0.1 this morning, now 50.0.2 is available.
To force upgrade: Open Menu Firefox, About Firefox, there's the update button.
And open the same menu again to restart Firefox.

*** Just going to Firefox.com might show that you've the latest version running, even if you're still on 50.0.1 But you're probably not running the latest version so use the above to upgrade.
Score: 3 Votes (Like | Disagree)
Read All Comments

Popular Stories

M5 Vision Pro Thumb 2

Apple Has Given Up on the Vision Pro After M5 Refresh Flop

Wednesday April 29, 2026 11:31 am PDT by
Apple has all but given up on the Vision Pro after the M5 model failed to revitalize interest in the device, MacRumors has learned. Apple updated the Vision Pro with a faster M5 chip and a more comfortable band in October 2025, but there were no other hardware changes, and consumers still weren't interested. The Vision Pro has been criticized for its high price tag and its uncomfortable...
Read Full Article699 comments
Four iPhone 18 Pro Colors Mock Feature

iPhone 18 Pro to Launch in September With These 10 New Features

Tuesday April 28, 2026 9:35 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are not launching until September, there are already plenty of rumors about the devices. It was initially reported that the iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that only one Face ID component will be moved under the...
Read Full Article
airpods pro 3 design

'AirPods Ultra' Rumored to Feature a Major Upgrade Over AirPods Pro

Thursday April 30, 2026 8:40 am PDT by
In a social media post this week, Bloomberg's Mark Gurman reiterated that Apple is planning to release new AirPods with cameras "for Siri." Last month, Gurman said these AirPods will likely be priced above the current AirPods Pro 3, which Apple sells for $249. As a result, he said Apple is likely considering using "AirPods Ultra" branding for the camera-equipped AirPods. "AirPods Ultra"...
Read Full Article81 comments