Firefox exploit can uncloak all Tor users

Posted on Tuesday, Aug 06 2013 @ 13:58 CEST by Thomas De Maesschalck
Firefox logo
ARS Technica warns a publicly available exploit for Firefox threatens the anonymity of all Tor users:
The Firefox vulnerability that was exploited affects browser releases prior to the current version 22. The JavaScript found on Freedom Host sites, however, was designed to attack only Version 17 of the extended support release, which was included in a browser bundle offered by the Tor Project. The bundle has recently been updated to include Firefox 17.0.7, a version that has been patched to fix the memory-management vulnerability, according to this thread on the Mozilla security blog. People using Tor should make sure they're using the most up-to-date software. They should also avoid running JavaScript, Flash, and most other browser add-ons when attempting to browse anonymously. The Tor browser bundle includes the NoScript plugin to turn most add-ons off by default. For more information, see this advisory from Tor Project volunteers.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments