Firefox rushed to fix a critical vulnerability in its browser that could potentially be used to find out the identities of those using the anonymising network, Tor. Tor is a browser that allows for anonymous web surfing, and supports use of its anonymising network by third party browsers.
Firefox published an advisory for the vulnerability alerting users of a threat to their privacy, and then quickly went on to release a fix for the vulnerability.
Users can install the latest version of Firefox manually, or wait for the update to be installed automatically, which usually happens within twenty four hours of a new release. Mozilla was provided with the vulnerability, which was later posted on a Tor usergroup.
A bug in Firefox could be used to load a web site containing malicious JavaScript and SVG code. Arbitrary code could be executed on the machine of the user through this exploit. In a particular implementation, the malicious code had the capability to find out the IP and MAC addresses of the user, compromising user anonymity.
The payload was known to work only on Windows machines, but the vulnerability existed on Mac and Linux systems as well. The exploit works similar to the “Network Investigative Technique” previously used by the FBI to gather evidence against a child porn ring.
The similarity has lead Firefox to suspect that this exploit was also developed by government sponsored agencies. If that is the case, Firefox says that the exploit getting into the wild brings to focus the dangers posed to the larger web because of state sponsored tools.
Firefox rushed to fix a critical vulnerability in its browser that could potentially be used to find out the identities of those using the anonymising network, Tor. Tor is a browser that allows for anonymous web surfing, and supports use of its anonymising network by third party browsers.
Firefox
published an advisory for the vulnerability alerting users of a threat to their privacy, and then quickly went on to release a fix for the vulnerability.
Users can install the
latest version of Firefox manually, or wait for the update to be installed automatically, which usually happens within twenty four hours of a new release. Mozilla was provided with the vulnerability, which was later posted on a Tor usergroup.
A bug in Firefox could be used to load a web site containing malicious JavaScript and SVG code. Arbitrary code could be executed on the machine of the user through this exploit. In a particular implementation, the malicious code had the capability to find out the IP and MAC addresses of the user, compromising user anonymity.
The payload was known to work only on Windows machines, but the vulnerability existed on Mac and Linux systems as well. The exploit works similar to the “Network Investigative Technique” previously used by the FBI to
gather evidence against a child porn ring.
The similarity has lead Firefox to suspect that this exploit was also developed by government sponsored agencies. If that is the case, Firefox says that the exploit getting into the wild brings to focus the
dangers posed to the larger web because of state sponsored tools.
slice Team!
2015 copyrighted company it was founded and administrated by ceo mouli tharan it was the one and only website where u could have intresting life facts,we bring u some tech freaking news to inspire u,about us and join us and have fun to be with us and slice your life,i hope u have got started syl yourself now.
Technology
Post A Comment:
0 comments: