Mozilla and Tor have published browser updates to patch a critical Firefox vulnerability used to deanonymize users (via ArsTechnica).

Privacy tool Tor is based on the open-source Firefox browser developed by Mozilla, which received a copy of the previously unknown JavaScript-based attack code yesterday. Mozilla said in a blog post that the vulnerability had been fixed in a just-released version of Firefox for mainstream users.

tor-firefox-logo
The code execution flaw was reportedly already being exploited in the wild on Windows systems, but in an advisory published later on Wednesday, Tor officials warned that Mac users were vulnerable to the same hack.

"Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately."

The exploit is capable of sending the user's IP and MAC address to an attacker-controlled server, and resembles "network investigative techniques" previously used by law-enforcement agencies to unmask Tor users, leading some in the developer community to speculate that the new exploit was developed by the FBI or another government agency and was somehow leaked. Mozilla security official Daniel Veditz stopped short of pointing the finger at the authorities, but underlined the perceived risks involved in attempts to sabotage online privacy.

"If this exploit was in fact developed and deployed by a government agency, the fact that it has been published and can now be used by anyone to attack Firefox users is a clear demonstration of how supposedly limited government hacking can become a threat to the broader Web."

The Firefox attack code first circulated on Tuesday on a Tor discussion list and was quickly confirmed as a zero-day exploit – the term given to vulnerabilities that are actively used in the wild before the developer has a patch in place.

The latest Tor update that fixes the vulnerability is version 6.0.7 and can be downloaded here.

Vanilla Firefox users can download the update to their browser manually from here.

Top Rated Comments

MacBH928 Avatar
89 months ago
I don't know who these people who work to assure our privacy and give us products for free... but thank you!
Score: 6 Votes (Like | Disagree)
Krafty Avatar
89 months ago
People still use Mozilla?
Yes, we do.
Score: 5 Votes (Like | Disagree)
Michaelgtrusa Avatar
89 months ago
Firefox is still a great browser and yes, I still use it.
Score: 4 Votes (Like | Disagree)
Kajje Avatar
89 months ago
I've downloaded 50.0.1 this morning, now 50.0.2 is available.
To force upgrade: Open Menu Firefox, About Firefox, there's the update button.
And open the same menu again to restart Firefox.

*** Just going to Firefox.com might show that you've the latest version running, even if you're still on 50.0.1 But you're probably not running the latest version so use the above to upgrade.
Score: 3 Votes (Like | Disagree)
Rigby Avatar
89 months ago
Mozilla, please make sure you update your ESR versions as well for those of us who are unable to run you latest release on perfectly good devices.
Firefox ESR 45.5.1 ('https://www.mozilla.org/en-US/firefox/45.5.1/releasenotes/') includes the security fix.
This includes iOS users as well that can't run iOS 9 & 10. Thank you.
I doubt the iOS version is affected, as it uses Apple's Webkit layout engine rather than Mozilla's Gecko (which is used in the desktop version).
Score: 3 Votes (Like | Disagree)
miknos Avatar
89 months ago
If you need to use TOR, disable javascript.
Score: 3 Votes (Like | Disagree)

Popular Stories

Apple WWDC23 macOS Sonoma hero

macOS Sonoma Launching This Week With These New Features

Sunday September 24, 2023 12:45 pm PDT by
Apple previously announced that macOS Sonoma will be released this Tuesday, September 26. The free software update includes many new features and changes for the Mac, including the five that we have highlighted below. In addition to these five features, we have shared the full release notes for macOS Sonoma below for a complete overview of everything new. Desktop Widgets macOS Sonoma...
iPhone 16 Mock Header With Dynamic Island

Skipping the iPhone 15 Pro? Here's What's Rumored for iPhone 16 Pro

Friday September 22, 2023 9:29 am PDT by
Are you skipping the iPhone 15 Pro and waiting another year to upgrade? If so, we already have some iPhone 16 Pro rumors for you. Below, we recap new features rumored for the iPhone 16 Pro models so far:Larger displays: The iPhone 16 Pro and iPhone 16 Pro Max will be equipped with larger 6.3-inch and 6.9-inch displays, respectively, according to Ross Young, CEO of Display Supply Chain...
iPhone 16 Side Feature

iPhone 16 to Include an Additional Capacitive 'Capture' Button

Monday September 25, 2023 12:50 pm PDT by
The iPhone 16 series is expected to gain an additional capacitive button, known internally as the "Capture Button." Codenamed "Project Nova," the button is likely to be one of the main selling points of the iPhone 16 lineup, assuming it gets past the initial testing phase. The Capture Button is located on the same side as the Power button, only positioned slightly lower - where the mmWave cutout...
ipad mini blue

Apple to Launch iPad Mini 7 Later This Year, Industry Report Suggests

Monday September 25, 2023 3:16 am PDT by
Apple could be preparing to release a seventh-generation iPad mini before the end of the year, based on a new report by DigiTimes. In an article discussing stagnating global tablet demand in the second half of 2023, the Taiwan-based outlet forecasts an uptick in Apple's share of the market owing to orders for a "small-size" iPad in the fourth quarter. From the report (see bold): In the...