Results 1 to 5 of 5

Thread: 0 day exploit in firefox/TOR STOP USING IT

  1. #1
    Join Date
    30th June 2011 - 14:30
    Bike
    2007 Triumph Tiger 1050
    Location
    Pokeno, New Zealand
    Posts
    1,138
    Blog Entries
    2

    0 day exploit in firefox/TOR STOP USING IT

    This was released last night, if you use any firefox based browser, including TOR you need to stop now... (until its fixed)

    https://www.wordfence.com/blog/2016/...ox-0-day-wild/

    We’re publishing this as an emergency bulletin for our customers and the larger web community. A few hours ago a zero day vulnerability emerged in the Tor browser bundle and the Firefox web browser. Currently it exploits Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle which contains Firefox 45 ESR.If you use Firefox, we recommend you temporarily switch browsers to Chrome, Safari or a non-firefox based browser that is secure until the Firefox dev team can release an update. The vulnerability allows an attacker to execute code on your Windows workstation. The exploit is in the wild, meaning it’s now public and every hacker on the planet has access to it. There is no fix at the time of this writing.
    Currently this exploit causes a workstation report back to an IP address based at OVH in France. But this code can likely be repurposed to infect workstations with malware or ransomware. The exploit code is now public knowledge so we expect new variants of this attack to emerge rapidly.
    This is a watering hole attack, meaning that a victim has to visit a website that contains this exploit code to be attacked.
    Twitter user @TheWack0lian noticed the shellcode (code that executes on your Windows workstation once exploited) is very similar to shellcode likely used by the FBI back in 2013 to deanonymize visitors to child porn websites hosted by FreedomHosting. The FBI confirmed that they compromised that server and days later it was serving malware that would infect site visitor workstations. The code then reported site visitor real IP addresses, MAC addresses (network card hardware address) and windows computer name to a central server. This code is very similar.
    "If a million people say a foolish thing, it is still a foolish thing." - Anatole France
    "An education isn't how much you have committed to memory, or even how much you know. It's being able to differentiate between what you know and what you don't." - Anatole France
    ZRXOA #9170

  2. #2
    Join Date
    31st March 2005 - 02:18
    Bike
    CB919, 1090R, R1200GSA
    Location
    East Aucks
    Posts
    10,425
    Blog Entries
    140
    Firefox users should have the browser update automatically to 50.0.2 which patches the vulnerability

    http://arstechnica.com/security/2016...active-attack/
    Quote Originally Posted by Jane Omorogbe from UK MSN on the KTM990SM
    It's barking mad and if it doesn't turn you into a complete loon within half an hour of cocking a leg over the lofty 875mm seat height, I'll eat my Arai.

  3. #3
    Join Date
    30th June 2011 - 14:30
    Bike
    2007 Triumph Tiger 1050
    Location
    Pokeno, New Zealand
    Posts
    1,138
    Blog Entries
    2
    Quote Originally Posted by Gremlin View Post
    Firefox users should have the browser update automatically to 50.0.2 which patches the vulnerability

    http://arstechnica.com/security/2016...active-attack/

    cool...I'd still stop using it :P
    "If a million people say a foolish thing, it is still a foolish thing." - Anatole France
    "An education isn't how much you have committed to memory, or even how much you know. It's being able to differentiate between what you know and what you don't." - Anatole France
    ZRXOA #9170

  4. #4
    Join Date
    6th May 2012 - 10:41
    Bike
    invisibike
    Location
    pulling a sick mono
    Posts
    6,057
    Blog Entries
    4
    @windows users:

  5. #5
    Join Date
    8th January 2005 - 15:05
    Bike
    Triumph Speed Triple
    Location
    New Plymouth
    Posts
    10,079
    Blog Entries
    1
    Quote Originally Posted by Akzle View Post
    @windows users:
    Yeah. Funny aren't they?
    There is a grey blur, and a green blur. I try to stay on the grey one. - Joey Dunlop

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •