[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

New Firefox/TorBrowser 0day in the wild

Subject: New Firefox/TorBrowser 0day in the wild
From: benmezger at autistici.org (Ben Mezger)
Date: Wed, 30 Nov 2016 09:34:52 -0200
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

I guess not, I am not sure, but it looks like it's a Windows only
exploit. Wait for Firefox to release an update and prevent using Firefox
for any activity meanwhile.

On 29/11/16 22:16, Shawn K. Quinn wrote:
> On 11/29/2016 04:57 PM, Ben Mezger wrote:
>> "This is an Javascript exploit actively used against TorBrowser NOW. It
>> consists of one HTML and one CSS file, both pasted below and also
>> de-obscured. The exact functionality is unknown but it's getting access to
>> "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP. I
>> had to break the "thecode" line in two in order to post, remove ' + ' in
>> the middle to restore it."
>>
>> https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html
> 
> Does this do anything against non-Windows systems?
> 
> 

-- 
Kind regards,
Ben Mezger

References:
- New Firefox/TorBrowser 0day in the wild
  - From: benmezger at autistici.org (Ben Mezger)
- New Firefox/TorBrowser 0day in the wild
  - From: skquinn at rushpost.com (Shawn K. Quinn)

Prev by Date: Are there crypto discussions on this forum
Next by Date: Are there crypto discussions on this forum
Previous by thread: New Firefox/TorBrowser 0day in the wild
Next by thread: New Firefox/TorBrowser 0day in the wild
Index(es):
- Date
- Thread