Mozilla and Tor have published browser updates to patch a critical Firefox vulnerability used to deanonymize users (via ArsTechnica).

Privacy tool Tor is based on the open-source Firefox browser developed by Mozilla, which received a copy of the previously unknown JavaScript-based attack code yesterday. Mozilla said in a blog post that the vulnerability had been fixed in a just-released version of Firefox for mainstream users.

tor-firefox-logo
The code execution flaw was reportedly already being exploited in the wild on Windows systems, but in an advisory published later on Wednesday, Tor officials warned that Mac users were vulnerable to the same hack.

"Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately."

The exploit is capable of sending the user's IP and MAC address to an attacker-controlled server, and resembles "network investigative techniques" previously used by law-enforcement agencies to unmask Tor users, leading some in the developer community to speculate that the new exploit was developed by the FBI or another government agency and was somehow leaked. Mozilla security official Daniel Veditz stopped short of pointing the finger at the authorities, but underlined the perceived risks involved in attempts to sabotage online privacy.

"If this exploit was in fact developed and deployed by a government agency, the fact that it has been published and can now be used by anyone to attack Firefox users is a clear demonstration of how supposedly limited government hacking can become a threat to the broader Web."

The Firefox attack code first circulated on Tuesday on a Tor discussion list and was quickly confirmed as a zero-day exploit – the term given to vulnerabilities that are actively used in the wild before the developer has a patch in place.

The latest Tor update that fixes the vulnerability is version 6.0.7 and can be downloaded here.

Vanilla Firefox users can download the update to their browser manually from here.

Top Rated Comments

MacBH928 Avatar
83 months ago
I don't know who these people who work to assure our privacy and give us products for free... but thank you!
Score: 6 Votes (Like | Disagree)
Krafty Avatar
83 months ago
People still use Mozilla?
Yes, we do.
Score: 5 Votes (Like | Disagree)
Michaelgtrusa Avatar
83 months ago
Firefox is still a great browser and yes, I still use it.
Score: 4 Votes (Like | Disagree)
Kajje Avatar
83 months ago
I've downloaded 50.0.1 this morning, now 50.0.2 is available.
To force upgrade: Open Menu Firefox, About Firefox, there's the update button.
And open the same menu again to restart Firefox.

*** Just going to Firefox.com might show that you've the latest version running, even if you're still on 50.0.1 But you're probably not running the latest version so use the above to upgrade.
Score: 3 Votes (Like | Disagree)
Rigby Avatar
83 months ago
Mozilla, please make sure you update your ESR versions as well for those of us who are unable to run you latest release on perfectly good devices.
Firefox ESR 45.5.1 ('https://www.mozilla.org/en-US/firefox/45.5.1/releasenotes/') includes the security fix.
This includes iOS users as well that can't run iOS 9 & 10. Thank you.
I doubt the iOS version is affected, as it uses Apple's Webkit layout engine rather than Mozilla's Gecko (which is used in the desktop version).
Score: 3 Votes (Like | Disagree)
miknos Avatar
83 months ago
If you need to use TOR, disable javascript.
Score: 3 Votes (Like | Disagree)

Popular Stories

iOS 16

iOS 16.4 Now Available for Your iPhone With These 8 New Features

Friday March 31, 2023 8:55 am PDT by
Following six weeks of beta testing, iOS 16.4 was released to the public this week. The software update includes a handful of new features and changes for the iPhone 8 and newer. To install an iOS update, open the Settings app on the iPhone, tap General → Software Update, and follow the on-screen instructions. Below, we have recapped eight new features and changes added with iOS 16.4,...
CarPlay Phone Call

General Motors to Phase Out Apple CarPlay Starting This Year in EV Transition

Friday March 31, 2023 8:43 am PDT by
General Motors (GM) will phase out Apple CarPlay and Android Auto in its vehicles starting this year, shifting to a built-in infotainment system co-developed with Google (via Reuters). GM owns Buick, Cadillac, Chevrolet, and GMC in the United States. It will stop offering Apple CarPlay and Android Auto starting with the 2024 Chevrolet Blazer, which goes on sale this summer. The company plans ...
iOS 17 on Phone Feature

Three New iOS Features Coming to Your iPhone Following Apple Music Classical

Thursday March 30, 2023 7:13 am PDT by
With the Apple Music Classical app and an Apple Pay Later early access program now available, the list of previously-announced iOS features that have yet to launch is beginning to shrink. However, there are still a few features we are waiting for. Below, we have recapped three more iOS features that are expected to launch in 2023, including an Apple Card savings account for Daily Cash,...
wwdc 2023

Three Products We Might See at WWDC 2023

Friday March 31, 2023 3:37 pm PDT by
Apple this week announced the official dates for the 34th annual Worldwide Developers Conference, with the annual WWDC keynote event set to take place on Monday, June 5. The keynote is where Apple unveils new versions of iOS, macOS, watchOS, and tvOS, and sometimes, we get hardware announcements. Rumors this year suggest there are at least three new devices that are set to be unveiled in the ...
iPhone 15 Pro Multi Purpose button Mute Switch Feature Green 2

iPhone 15 Pro Solid-State Button Sensitivity Can Be Customized to Cater for Cases and Gloves

Thursday March 30, 2023 11:36 pm PDT by
iPhone 15 Pro and iPhone 15 Pro Max users will be able to customize the sensitivity of the solid-state buttons on their device, thanks to a new sensitivity toggle in Settings. That's according to details provided by a hitherto reliable source that shared additional details on the MacRumors forums. Earlier this week, the same anonymous tipster revealed that the iPhone 15 Pro models will use...
apple mixed reality headset concept by david lewis and marcus kane

Kuo: Apple Mixed-Reality Headset May Not Appear at WWDC as Mass Production Pushed Back Yet Again

Thursday March 30, 2023 4:50 am PDT by
Apple has again pushed back mass production of its mixed-reality headset and the device may not appear at this year's Worldwide Developers Conference (WWDC), Apple analyst Ming-Chi Kuo today said. Apple headset concept by David Lewis and Marcus Kane In a tweet, Kuo explained that Apple "isn't very optimistic" about whether the headset will be able to create an "iPhone moment." As a result,...
iPhone 15 Pro Periscope Mock Feature

Periscope Camera Lens Exclusive to iPhone 15 Pro Max Will Be Supplied by Largan

Thursday March 30, 2023 1:18 am PDT by
The periscope camera lens that will be exclusive to the iPhone 15 Pro Max will be solely supplied by Largan, according to the 相機鏡頭中獲利-apple-camera-lens-suppliers-face-two-risks-high-53db8da990b2">latest no by Apple industry analyst Ming-Chi Kuo. Rumors about the iPhone getting a periscope lens have been circulating since early 2020, when Kuo first mentioned the possibility. The analyst...