New Firefox/TorBrowser 0day in the wild

Ben Mezger benmezger at autistici.org
Wed Nov 30 03:34:52 PST 2016


I guess not, I am not sure, but it looks like it's a Windows only
exploit. Wait for Firefox to release an update and prevent using Firefox
for any activity meanwhile.

On 29/11/16 22:16, Shawn K. Quinn wrote:
> On 11/29/2016 04:57 PM, Ben Mezger wrote:
>> "This is an Javascript exploit actively used against TorBrowser NOW. It
>> consists of one HTML and one CSS file, both pasted below and also
>> de-obscured. The exact functionality is unknown but it's getting access to
>> "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP. I
>> had to break the "thecode" line in two in order to post, remove ' + ' in
>> the middle to restore it."
>>
>> https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html
> 
> Does this do anything against non-Windows systems?
> 
> 

-- 
Kind regards,
Ben Mezger



More information about the cypherpunks mailing list