A zero-day explorer in the Mozilla Firefox web browser has been used to cause remote code executions on TOR users and possibly other people as well. For more information read our article.
Mozilla Firefox TOR Zero-Day Vulnerability Used In Attacks
A critical zero-day exploit in the Mozilla Firefox web browser is being used by hackers to execute malicious code on computer users using the TOR anonymous network and it is possible that the issue also affects other groups that use the web browser. The discovery was made by security experts from TOR which detected a Javascript exploit that is rendered in the browser.
The vulnerability consits of one HTML and one CSS file which which can access the ” VirtualAlloc” function in the “kernel32.dll” process. The full code is posted publicly on the TOR mailing list and anyone can access the zero-day flaw and utilize it in an attack.
The TOR cofounder Roger Dingledine confirmed previously unknown vulnerabilities that have been identified in the browser and stated that the Mozilla Security team is actively working on a security patch to amend the problems.
The zero-day code exploits a memory corruption vulnerability which allows remote code executions on Microsoft Windows systems. The payload delivery is almost the same as the famous case in 2013 when such a flaw was used to deannonymize users visiting a TOR pornography site that contained images of children.
Another researcher states that in order to execute the zero-day exploit JavaScript must be enabled on the host computer. The exploit code adjusts the memory location based on the installed version of the Mozilla Firefox web browser – from 41 to 50. The adjustments indicate that the person who devised the flaw has studied several versions of the popular application.
The fact that the exploit makes direct calls to the kernel32.dll core component of the operating system makes it rather dangerous.
There are no reported attack campaigns that use it as an intrusion technique however the fact that it has gone public and there is no patch yet makes it a very dangerous threat.
Mozilla Released An Update.
Mozilla Issued urgent security updates on Wednesday which address the vulnerability. The Mozilla Firefox and the Tor Browsers were updated.
- Mozilla Firefox was updated to version 50.0.2
- Mozilla Firefox ESR was updated to version 45.5.1
- Mozilla Thunderbird was updated to version 6.0.7