Mozilla and Tor Warn of Critical Firefox Vulnerability, Urge Users to Update

by

Mozilla and Tor have published browser updates to patch a critical Firefox vulnerability used to deanonymize users (via ArsTechnica).

Privacy tool Tor is based on the open-source Firefox browser developed by Mozilla, which received a copy of the previously unknown JavaScript-based attack code yesterday. Mozilla said in a blog post that the vulnerability had been fixed in a just-released version of Firefox for mainstream users.

tor-firefox-logo
The code execution flaw was reportedly already being exploited in the wild on Windows systems, but in an advisory published later on Wednesday, Tor officials warned that Mac users were vulnerable to the same hack.

"Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately."

The exploit is capable of sending the user's IP and MAC address to an attacker-controlled server, and resembles "network investigative techniques" previously used by law-enforcement agencies to unmask Tor users, leading some in the developer community to speculate that the new exploit was developed by the FBI or another government agency and was somehow leaked. Mozilla security official Daniel Veditz stopped short of pointing the finger at the authorities, but underlined the perceived risks involved in attempts to sabotage online privacy.

"If this exploit was in fact developed and deployed by a government agency, the fact that it has been published and can now be used by anyone to attack Firefox users is a clear demonstration of how supposedly limited government hacking can become a threat to the broader Web."

The Firefox attack code first circulated on Tuesday on a Tor discussion list and was quickly confirmed as a zero-day exploit – the term given to vulnerabilities that are actively used in the wild before the developer has a patch in place.

The latest Tor update that fixes the vulnerability is version 6.0.7 and can be downloaded here.

Vanilla Firefox users can download the update to their browser manually from here.

Top Rated Comments

(View all)
Avatar
50 months ago
I don't know who these people who work to assure our privacy and give us products for free... but thank you!
Score: 6 Votes (Like | Disagree)
Avatar
50 months ago

People still use Mozilla?

Yes, we do.
Score: 5 Votes (Like | Disagree)
Avatar
50 months ago
Firefox is still a great browser and yes, I still use it.
Score: 4 Votes (Like | Disagree)
Avatar
50 months ago
I've downloaded 50.0.1 this morning, now 50.0.2 is available.
To force upgrade: Open Menu Firefox, About Firefox, there's the update button.
And open the same menu again to restart Firefox.

*** Just going to Firefox.com might show that you've the latest version running, even if you're still on 50.0.1 But you're probably not running the latest version so use the above to upgrade.
Score: 3 Votes (Like | Disagree)
Avatar
50 months ago

Mozilla, please make sure you update your ESR versions as well for those of us who are unable to run you latest release on perfectly good devices.

Firefox ESR 45.5.1 ('https://www.mozilla.org/en-US/firefox/45.5.1/releasenotes/') includes the security fix.

This includes iOS users as well that can't run iOS 9 & 10. Thank you.

I doubt the iOS version is affected, as it uses Apple's Webkit layout engine rather than Mozilla's Gecko (which is used in the desktop version).
Score: 3 Votes (Like | Disagree)
Avatar
50 months ago
If you need to use TOR, disable javascript.
Score: 3 Votes (Like | Disagree)

Top Stories

Hands-On With iOS 14 Widgets, Custom Icons, and Home Screen Setup

Tuesday September 22, 2020 3:25 pm PDT by
Apple with iOS 14 introduced widgets on the Home Screen, leading to unprecedented levels of customization for the iPhone. Combined with Shortcuts that let you change an app's icon, iOS 14 lets you create a whole new look for your Home Screen. Subscribe to the MacRumors YouTube channel for more videos. We've been following along with some of the creative alternative Home Screen designs that M...

New Images Leak of iPhone 12 Braided USB-C to Lightning Cable

Thursday September 24, 2020 2:37 am PDT by
Rumors suggest Apple's upcoming iPhone 12 models will ship with a new Lightning to USB-C cable that includes a braided fabric design. Images of the purported cables were leaked in July, and today leaker Mr White has shared new images that give us a closer look at what we might get included in the iPhone 12 box. The photos show a USB-C to Lightning cable with a clearly braided design rather...

Apple's iPhone 12 Event Could Happen on October 13 Based on Rumors From Mobile Operators

Wednesday September 23, 2020 11:51 am PDT by
Apple's upcoming iPhone-centric event could perhaps be held on Tuesday, October 13, according to information shared with MacRumors by an employee at a UK cellular carrier. There's no way for us to confirm the dates at this point in time nor are we sure on the credibility of the source, but even without a rumor, Tuesday, October 13 is a good guess based on Apple's historic launch timelines, ...

New Version of Microsoft Office Coming Next Year That Won't Require a Subscription

Thursday September 24, 2020 1:53 am PDT by
Microsoft will next year offer a new perpetual release of Microsoft Office for Mac and Windows that doesn't require a subscription to use, according to the software giant (via Windows Central). "Microsoft Office will also see a new perpetual release for both Windows and Mac, in the second half of 2021," said Microsoft in a blog post announcing the next version of its Exchange server,...

Interest in iOS 14 Home Screen Ideas Helps Pinterest Break Daily Download Record

Wednesday September 23, 2020 4:37 am PDT by
Apple's introduction of widgets on the Home Screen in iOS 14 has driven a surge in interest among users looking to customize their iPhone, and that has reportedly had a knock-on effect for Pinterest, whose iOS app has seen record downloads as users flock to its content seeking design inspiration. As reported by TechCrunch, App Store intelligence firm Apptopia was first to note the impact of ...

'iPhone 12 mini' Name Reappears in Leaked Apple iPhone 12 Case Stickers

Friday September 25, 2020 1:58 am PDT by
Earlier this week a proven leaker claimed that the iPhone 12 lineup would be named "iPhone 12 mini," "iPhone 12," "iPhone 12 Pro," and "iPhone 12 Pro Max," and today the same nomenclature has appeared again in a photo depicting alleged stickers from unreleased Silicone iPhone cases originating from Apple's international distribution center in Ireland. The photo shows three stickers with the...

Apple Releases iOS 14.0.1 With Fix for Bug That Resets Default Apps After Rebooting

Thursday September 24, 2020 10:12 am PDT by
Apple today released iOS 14.0.1, the first update to the iOS 14 operating system that was released on September 16. Today's update is a bug fix update addressing issues that weren't able to be fixed in the initial iOS 14 launch. The iOS 14.0.1 update is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General > Software Update. ...

Apple Emphasizes That Solo Loop May Increase in Length Over Time, Updates Sizing Guide With More Specific Instructions

Wednesday September 23, 2020 8:26 am PDT by
Apple on Tuesday updated one of its support documents to emphasize that the new silicone rubber Solo Loop for the Apple Watch may increase in length over time, as mentioned in fine print at the bottom of the Solo Loop product page. Apple has also updated its printable Solo Loop sizing guide with more specific instructions, as noted by 9to5Mac's Michael Steeber. The guide now advises users to ...

iOS 14 Widgets Offer iPhone Users Creative Home Screen Ideas

Sunday September 20, 2020 8:43 pm PDT by
Updated on September 22nd with hands on video. In iOS 14, Apple introduced ‌the concept of Home Screen‌ widgets, which provide information from apps at a glance. Widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. Despite the relative lack of...

Kuo: Mini-LED Displays to Debut in Apple's Next iPad Pro

Tuesday September 22, 2020 11:45 pm PDT by
Following his report earlier this week indicating that Apple will be accelerating adoption of mini-LED displays in its iPad and Mac notebook lineups thanks to better than expected development from potential secondary supplier Sanan Optoelectronics, analyst Ming-Chi has released a new report today sharing a bit more perspective on the mini-LED display market as it relates to Apple. Kuo says...