Mozilla engineers are patching a previously unknown JavaScript zero-day exploit that could expose Tor users.
The exploit was delivered through a Tor mailing list that when opened could unveil the MAC address and possibly even the IP address of a user running Tor Browser on Firefox. It is “100 percent effective for remote code execution on Windows systems,” said security researcher Joshua Yabut. Versions 41 to 50 of Firefox are reportedly affected.
According to reports, the zero-day’s code exploits a memory corruption vulnerability on Windows devices. It requires JavaScript to be running on your machine in order to work. The code, which has now been reverse engineered, does not appear to be responding to connections any more. – READ MORE
