Newly Discovered Firefox Exploit Could Threaten the Anonymity of Tor Users
Toggle Dark Mode
A new zero-day vulnerability discovered on the Firefox web browser could compromise the anonymity of those using the Tor Browser, an online network that masks the IP address of users, according to a new report.
The exploit was first revealed by a post on Tor’s official website, in which they wrote “This is a JavaScript exploit actively used against Tor Browser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured.” Tor cofounder Roger Dingledine confirmed the existence of the exploit, and said that Mozilla is both tracking it and scrambling to develop a patch. The exploit affects Firefox versions 41 to 50 on Windows computers, as well as the current version of the Tor Browser. When deployed, it could potentially unmask an anonymous user’s MAC address, hostname and public IP address, according to The Register.
While the exploit is currently targeting users of the Tor Browser, it is “in the wild” — which means that it’s publicly accessible to any hacker, who could use it to attack other Firefox users. The Tor Browser is partly based on Mozilla Firefox, and they tend to share similar vulnerabilities, according to ZDNet. The exploit is also what’s known as a “watering hole attack,” which means that users have to visit a website with the code for the exploit to affect a computer.
Interestingly, as security researcher TheWack0lian pointed out on Twitter, the exploit reportedly uses code that is almost identical to a zero-day Firefox exploit used by the FBI in 2013 to catch users visiting child pornography sites on the dark-web via Tor. Attacks such as these are known as “zero-day” vulnerabilities because they aren’t announced or discovered before they become a threat, meaning that software makers have ‘zero days’ to develop a fix.
For those unfamiliar with the Tor Browser, it is anonymizing software that bounces a user’s internet communications among a network spread across the globe, thoroughly masking their identity and internet activity, and allowing users to visit blocked websites — such as those on the dark web.
Security professionals are recommending that Tor users avoid cases in which deanonymizing attacks could pose a serious threat. Software development company Wordfence is also recommending that users switch to another browser, such as Safari or Chrome, until Mozilla releases a fix for the exploit.
