Joshua Yabut, another researcher who analyzed the code, told Ars it exploits a heap overflow bug that requires JavaScript to be enabled on the vulnerable computer. Yabut went on to say the code is "100% effective for remote code execution on Windows systems." The exploit code, the researcher added, adjusts the memory location of the payload based on the version of Firefox being exploited. The versions span from 41 to 50, with 45 ESR being the one used by the latest version of the Tor browser. The adjustments are an indication that the people who developed the attack tested it extensively to ensure it worked on multiple releases of Firefox. The exploit makes direct calls to kernel32.dll, a core part of the Windows operating system. Full details at Ars Technica.
Zero-day Firefox exploit targets Tor users
Posted on Wednesday, November 30 2016 @ 13:39 CET by Thomas De Maesschalck