According to SecurityWeek, users can also prevent many websites from exhibiting their full functionality by disabling JavaScript. In the Tor newsletter, Roger Dingledine wrote that the Mozilla security team had located the bug and was working on a patch, which was later delivered to users. Another researcher, meanwhile, noted that the payload delivered by the exploit was almost the same as the one the FBI used in 2013 to track child pornographers. “This type of exploit is much harder to write in Chrome and Edge due to memory partitioning, an exploit mitigation that Firefox lacks,” Guido said on Twitter, adding that he believed the creator wrote the exploit from scratch. Since the Tor browser is built upon Firefox, any problem with Firefox is a problem for Tor. He also discovered that it affected the scalable vector graphics (SVG) parser in Firefox. He found that it was a standard use-after-free exploit, not a heap overflow as some had surmised. Fighting Fire With Firefoxĭan Guido of security firm Trail of Bits took a closer look at the code provided to the list. While the researchers have yet to determine its exact function, they reported that the exploit had gained access to VirtualAlloc in kernel32.dll. On Tuesday, the Tor mailing list reported the existence of a zero-day Firefox exploit that had been seen in the wild. Its underlying software was affected by browser malware, and cybercriminals were found to be hiding ransomware on the Tor network. It has been a rough week for privacy-focused web browser Tor, or The Onion Router.
0 kommentar(er)
