A zero-day explorer in the Mozilla Firefox web browser has been used to cause remote code executions on TOR users and possibly other people as well. For more information read our article.
Mozilla Firefox TOR Zero-Day Vulnerability Used In Attacks
The vulnerability consits of one HTML and one CSS file which which can access the ” VirtualAlloc” function in the “kernel32.dll” process. The full code is posted publicly on the TOR mailing list and anyone can access the zero-day flaw and utilize it in an attack.
The TOR cofounder Roger Dingledine confirmed previously unknown vulnerabilities that have been identified in the browser and stated that the Mozilla Security team is actively working on a security patch to amend the problems.
The zero-day code exploits a memory corruption vulnerability which allows remote code executions on Microsoft Windows systems. The payload delivery is almost the same as the famous case in 2013 when such a flaw was used to deannonymize users visiting a TOR pornography site that contained images of children.
The fact that the exploit makes direct calls to the kernel32.dll core component of the operating system makes it rather dangerous.
There are no reported attack campaigns that use it as an intrusion technique however the fact that it has gone public and there is no patch yet makes it a very dangerous threat.
Mozilla Released An Update.
Mozilla Issued urgent security updates on Wednesday which address the vulnerability. The Mozilla Firefox and the Tor Browsers were updated.
- Mozilla Firefox was updated to version 50.0.2
- Mozilla Firefox ESR was updated to version 45.5.1
- Mozilla Thunderbird was updated to version 6.0.7