{"id":1691,"date":"2016-11-30T10:50:21","date_gmt":"2016-11-30T09:50:21","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=1691"},"modified":"2020-12-13T07:05:40","modified_gmt":"2020-12-13T06:05:40","slug":"firefox-zero-day-exploit-puts-tor-users-at-risk","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2016\/11\/30\/firefox-zero-day-exploit-puts-tor-users-at-risk\/","title":{"rendered":"Firefox Zero-day exploit puts Tor users at risk"},"content":{"rendered":"

\"Mozilla\"<\/a>A publicly released exploit (zero-day exploit) works against many Firefox browser versions \u2013 and put Tor users (and possibly other Firefox users) at risk. Officials at Tor has confirmed the vulnerability, no Firefox patch is available yet.<\/p>\n

<\/p>\n

The first mention of the exploit was made within this Tor forum post<\/a> fom November, 29, 2016. <\/p>\n

\n

This is an Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to \"VirtualAlloc\" in \"kernel32.dll\" and goes from there. Please fix ASAP. <\/p>\n<\/blockquote>\n

The posting indicates, that a JavaScript exploit is used in the wild that works on Windows systems. Tor founder Roger Dingledine confirms<\/a> the vulnerability. @TheWack0lian<\/a> points out within a tweet<\/a>, that this vulnerability already has been used in 2013 from FBI (see this Arstechnica post<\/a>). <\/p>\n

\n

The shellcode used is almost exactly the shellcode of the 2013 one https:\/\/t.co\/6vuIzqp0rj<\/a><\/p>\n

…except it builds sockaddr_in on the stack. https:\/\/t.co\/pWsUe4uHiZ<\/a><\/p>\n

\u2014 slipstream\/RoL (@TheWack0lian) 29. November 2016<\/a><\/p><\/blockquote>\n