I guess not, I am not sure, but it looks like it's a Windows only exploit. Wait for Firefox to release an update and prevent using Firefox for any activity meanwhile. On 29/11/16 22:16, Shawn K. Quinn wrote:

On 11/29/2016 04:57 PM, Ben Mezger wrote:

...

"This is an Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP. I had to break the "thecode" line in two in order to post, remove ' + ' in the middle to restore it."

https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html

Does this do anything against non-Windows systems?

-- Kind regards, Ben Mezger

On 11/30/2016 08:20 AM, Georgi Guninski wrote:

On Tue, Nov 29, 2016 at 06:16:44PM -0600, Shawn K. Quinn wrote:

...

...

https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html

Does this do anything against non-Windows systems?

The exploit appears windoze only, but likely the bug is alive on other OSes, so the sploit can be ported. It appears "use after free":

http://www.theregister.co.uk/2016/11/30/possible_tor_browser_decloak_zero_da...

In <https://news.ycombinator.com/item?id=13066825>, schoen noted: | The underlying vulnerability has to do with a memory corruption | of some sort in Firefox's SVG rendering, which is a code base | that is shared across platforms. So probably an analogous memory | corruption exists on other platforms, because it's compiled from | the same C++. While it's possible that it's not exploitable | outside of Windows, there is no specific reason to assume it | won't be. | | But the exploit here with the ROP chain, calling Windows APIs, | etc., is apparently Win32-specific and doesn't have binary code | that could run successfully on other platforms. | | The setup for the exploit is apparently primarily in the | Javascript function craftDOM() which makes some SVG objects and | modifies some of their properties, presumably in a way that | triggers an underlying bug in Firefox's SVG support. There is | also a Win32 object code payload in the string object thecode, | which would not be able to run unmodified on another platform. | Also, the ROP chain code is likely to be Windows-specific in | several respects. Indeed, the statement | | throw"Bad NT Signature"; | | seems to be actively giving up the attack if it detects a | non-Win32 environment.