Firefox Zero-Day Can Be Used To Unmask Tor Browser Users

An anonymous reader quotes a report from Computerworld: A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor-users. A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had "found the bug" and were "working on a patch." On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox. Dan Guido, CEO of TrailofBits, noted on Twitter, that "it's a garden variety use-after-free, not a heap overflow" and it's "not an advanced exploit." He added that the vulnerability is also present on the Mac OS, "but the exploit does not include support for targeting any operating system but Windows." Security researcher Joshua Yabut told Ars Technica that the exploit code is "100% effective for remote code execution on Windows systems." "The shellcode used is almost exactly the shellcode of the 2013 one," tweeted a security researcher going by TheWack0lian. He added, "When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn't looking at a 3-year-old post." He's referring to the 2013 payload used by the FBI to deanonymize Tor-users visiting a child porn site. The attack allowed the FBI to tag Tor browser users who believed they were anonymous while visiting a "hidden" child porn site on Freedom Hosting; the exploit code forced the browser to send information such as MAC address, hostname and IP address to a third-party server with a public IP address; the feds could use that data to obtain users' identities via their ISPs.

Re:I don't understand

[lgw]

What does this have to do with Trump.

They should change this site to trumpdot.org!

Hey, that's not fair. Only half the stories are Trump-bashing. The other half are Facebook or Reddit bashing.

Fixed even before this story got published

[Giorgio+Maone]

Great work by Mozilla and the Tor Project on the lighting fast (

And yes, NoScript did protect against this (the Tor Browser has it built-in, for users who know what they're doing).

Re:Windows and Javascript

[RuffMasterD]

Calls to KERNEL32.dll are OS agnostic? Fuck me sideways!

Re: tor huh

[RuffMasterD]

And yet you post anonymous. Because you don't want anyone to link what you say online back to your identity. Go right ahead and lead by example AC.

Don't use the Tor browser on a darknet!

[GameboyRMH]

It probably seems crazy to tell you not to use the official darknet browser on a darknet, but sadly the Tor browser is the top attack vector used by law enforcement against darknet users. It's the biggest target by far. You have to roll your own darknet browser. It's a PITA but otherwise, every exploit in the TLA's books is going to be aimed at you. Also it should go without saying that your browser should be running in a Linux VM whose state is discarded on shutdown, and ideally you should have a firewall setup that blocks all outgoing traffic not going to the darknet proxy address.