Mozilla has quickly patched a critical security flaw which affected Firefox users. This move came following a new exploit against a big security issue was discovered that targeted users of the Tor browser.
Mozilla has quickly patched a critical security flaw which affected Firefox users. This move came following a new exploit against a big security issue was discovered that targeted users of the Tor browser. The problem, also known as zero-day vulnerability attack a heap overflow bug. This bug gives malicious programs a chance to work itself in targeted Windows desktops and laptops. Tor co-founder Roger Dingledine found the flaw and he posted it on the Tor website. The bug has only one basic HTML and one CSS file. Dingledine himself informed about the fact that Mozilla was already patching the flaw in Firefox. He wrote, “It sounds like the immediate next step is that Mozilla finishes their patch for it. Then the step after that is a quick Tor Browser update. And somewhere in there people will look at the bug and see whether they think it really does apply to Tor Browser.”
If The Wack0lian is to be believed the new bug calls a unique identifier to a server with address 220.127.116.11 which belongs to French ISP OVH but there is reportedly no response from there. There are also many suspicions on whether the issue somewhere relates to any FBI operation. Dan Guido, CEO of TrailOfBits in a series of tweets described the issue and also said, “The vulnerability is present on MacOS, but the exploit does not include support for targeting any operating system but Windows.” He added, “Final thoughts: the Tor Browser Bundle is unable to protect those that need it most. If you rely on it, strongly reconsider your choices.”