Firefox 50.0.2 patches the vulnerability that exposes Tor users

Yesterday news made the rounds about a Firefox vulnerability that was exploited in the wild to target Tor network users on Windows PCs. By exploiting the vulnerability, attackers could retrieve the real identity of Tor users. Users are now safe again as Firefox has been updated to version 50.0.2, and Tor has been updated as well.

Mozilla explains how it worked, and confirms the vulnerability existed on macOS and Linux as well.

Early on Tuesday, November 29th, Mozilla was provided with code for an exploit using a previously unknown vulnerability in Firefox. The exploit was later posted to a public Tor Project mailing list by another individual. The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code. It used this capability to collect the IP and MAC address of the targeted system and report them back to a central server. While the payload of the exploit would only work on Windows, the vulnerability exists on Mac OS and Linux as well.