Firefox zero-day: Mozilla, Tor issue critical patches to block active attacks

[RV_]

Excerpt:

 

"If the government created this Firefox and Tor Browser exploit, it just endangered all web users, argues Mozilla.

 

Mozilla and Tor have released patches for Firefox and the Firefox-based Tor Browser to block a live attack aimed at unmasking users of the Tor anonymity network.

 

The patch, which Mozilla released on Wednesday, addresses a Firefox animation remote code execution flaw that on Tuesday was discovered to have been actively exploited to de-anonymize Tor Browser users.

 

The attack relied on Firefox or the Firefox-based Tor Browser to load a webpage that contained malicious JavaScript and scalable vector graphics (SVG) code. The exploit was designed to scoop up the real IP and MAC address of Windows systems and send it to a central server, Mozilla's security lead, Daniel Veditz said.

 

The payload only works against Windows systems running Firefox and the Tor Browser, although Veditz noted the vulnerability exists on the Firefox for macOS and Linux, so he urged users of these platforms to update their browser too.

 

The issue, which Mozilla rates as critical for Firefox, is fixed in Firefox version 50.0.2, and Firefox Extended Support Release version 45.5.1, according to Mozilla's release notes. The bug also affected Mozilla's Thunderbird email client and is fixed in version 45.5.1"

 

More details and links here: http://www.zdnet.com/article/firefox-zero-day-mozilla-tor-issue-critical-patches-to-block-active-attacks/?loc=newsletter_featured_related_listing&ftag=TRE17cfd61&bhid=19724681974700635514865380622813

[Pieere]

I had a wierd dream about this last night but it was an attack on my cell phone!! A hacker took over complete control of my account! It was not real thank God!