Mozilla has bumped its Firefox web browser up to version 50.0.2 in an effort to patch a bug which was actively being used to expose Tor users. Consequently, the Tor Browser was updated to 6.0.7, and Tails OS was updated to 2.7.1. Luckily, the bug is believed to have only been leveraged against Windows users, although in theory, the bug affects OS X and Linux users too. The Tor Project, has said in the past, that if you want to really be anonymous, then you should be running Tor on a live system, such as Tails, rather than on Windows.
In a blog post over at Mozilla, titled ‘Fixing an SVG Animation Vulnerability’, Daniel Veditz wrote:
“Early on Tuesday, November 29th, Mozilla was provided with code for an exploit using a previously unknown vulnerability in Firefox. The exploit was later posted to a public Tor Project mailing list by another individual. The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code. It used this capability to collect the IP and MAC address of the targeted system and report them back to a central server.”
The Tor Project and the team behind the secure Tails operating system have both issued patches for their respective software and it is highly recommended that you patch and restart your Tor browser after updating. For those of you that set the Tor browser security slider to “High”, the Tor Project believes that you were safe from this vulnerability.
Source: Tor Project Blog | Image via idigitaltimes
2 Comments - Add comment