Mozilla and Tor issue a Firefox zero-day security patch

If you are wondering why a notification asking to update your Firefox browser at once popped up, do not hesitate to do it. Mozilla and Tor network engineers joined forces to release a security patch due to the increased numbers of cyber attacks in Tor network. They were forced to issue the update as soon as the news broke out about hackers exploiting a zero-day vulnerability to track down anonymized users. It did not take long for cyber villains to make a move. Even if Tor netizens are the primary target, Firefox users are at risk as well. At the moment, there are no reports what percentage of a virtual population has been affected. Luckily, IT experts have responded quickly and released an update to fix the flaw.

Those members of a virtual world, who are puzzled understanding how Firefox and Tor are related, should know that the latter network works on the same pattern as open-source Firefox browser. Likewise, both of these tools possess common characteristics as well as drawbacks. After villains had discovered the major flaw which helped them reveal the identities of millions of anonymous Tor users, they launched a series of successive attacks. Specifically, the infection was delivered in a corrupted JavaScipt code exploit kit. Such technique highly resembled the one employed by FBI to track down the criminals linked to child pornography case in 2016. Sine Tor network provides anonymity, it has attracted villains and felons of a different kind. Interestingly, Locky ransomware developers use the same network for communicating with victims.

Firefox zero-day update

The incident came into daylight when the cyber security company Sigaint leaked the news about the published exploit kit in the net. The very malware is comprised of HTML and one CSS file. The latter enables the access to VirtualAlloc and kernel32.dll. Furthermore, the request sent to the latter file enables to hack Windows OS users faster. Therefore, if you are running this OS and employ Firefox as your primary browser, check whether you have received an urgent update patch. There are many speculations about the identity of the hackers and the motif of such cyber campaign. It has been discovered so far that the JavaScipt sends a signal to French IP address. Some see a relation to FBI and speculate that the attack might have been sponsored by this institution. Luckily, Mozilla admins have already spread the update so you should get a message soon. Otherwise, restrain from using Tor network until things settle down.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions