Mozilla scrambling to address security attacks on Tor users

Mozilla is expected to release a security patch in the near future for Firefox, whose vulnerability is apparently exploited to attack Tor users.

There are multiple reports of a JavaScript exploit which is used to attack Tor users by revealing their MAC address, hostname, and even their public IP address in some cases. Tor is an anonymous browser, but most importantly, is based on a version of Mozilla’s Firefox. So these two browsers often share similar vulnerabilities. And that’s why Mozilla is scrambling to track the bug and come up with a patch to address the concern.

The exploit was posted by an anonymous user, and according to this user, the leak happens when a package containing SVG, JavaScript, and x86 code pops up on a Tor mailing list and is opened:

This is a JavaScript exploit actively used against Tor Browser now. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it’s getting access to VirtualAlloc in kernel32.dll and goes from there.

Although the attacks are targeted at Tor users for now, the exploit code is readily accessible, meaning it could be used to attack Firefox users, given these two browsers’ similarities. Not much is known at this moment, but it is possible that the attacks require JavaScript to be enabled in the browser. Dan Guido, a security researcher at TrailofBits, warns that Firefox on macOS is also at risk.

What’s interesting is that the code that is being used to unmask identities of Tor users is extremely similar to the one used by the FBI in the past in tracking down dark-web child-abuse website users. However, given the fact that the latest exploit sends a unique identifier to a French address, and not directly to the agency, it is unlikely the FBI is involved in it.

Window users out there: if the potential exploit bothers you, your best bet would be Chrome or Edge, which should be more difficult to exploit due to memory partitioning.