DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
July 23, 2019 
Main Menu
News archives

Who's Online
There are currently 197 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Zero-day Firefox exploit targets Tor users

Posted on Wednesday, November 30 2016 @ 13:39:12 CET by

Firefox logo
If you're using Tor in combination with Firefox you need to watch out because there's a zero-day vulnerability that's exploited in the wild to run malicious code on computers running Windows. The exploit target a memory corruption vulnerability and its payload is almost identical to what the FBI used in 2013 to retrieve the identity of people visiting a Tor-shielded child pornography website. The exploit uses JavaScript so turning that off will prevent infection.
Joshua Yabut, another researcher who also analyzed the code, told Ars it exploits a heap overflow bug that requires JavaScript to be enabled on the vulnerable computer. Yabut went on to say the code is "100% effective for remote code execution on Windows systems." The exploit code, the researcher added, adjusts the memory location of the payload based on the version of Firefox being exploited. The versions span from 41 to 50, with version 45 ESR being the version used by the latest version of the Tor browser. The adjustments are an indication that the people who developed the attack tested it extensively to ensure it worked on multiple releases of Firefox. The exploit makes direct calls to kernel32.dll, a core part of the Windows operating system.
Full details at ARS Technica.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba