Firefox Exploit Capable of De-anonymizing Tor Users Has Been patched

The Mozilla browser is being used all over the world by millions of users. Unfortunately, as is the case with any browser, a zero-day vulnerability will pop up now and then. The developers addressed this issue rather quickly, as it was capable of unmasking Tor users. For those who are unaware, the Tor Browser uses the Firefox “framework” as its foundation.

Tor Users Were Nearly Unmasked By A Zero Day

When browsing the World Wide Web, it is virtually impossible to remain 100% anonymous at all times. Even though anonymity software and VPN service providers are becoming more popular than ever before,  the programs and tools we use are not infallible. The recent zero-day exploit found in

Firefox goes to show how difficult it is to remain anonymous.

This vulnerability was disclosed on Tuesday Night, and it even forced the Tor Project team to issue an emergency patch to their own browser. Firefox engineers then released their updated browser version Wednesday morning, and the exploit has been officially patched. Having the option to unmask Tor users’ real locations is never a positive development for a browser.

Hackers could exploit this vulnerability by tracking users into visiting an online site with customer-tailored web content. Through the use-after-free security hole, they can then execute arbitrary code on the host computer. As one would come to expect, this can lead to all kinds of mayhem, including the installation of remote trojans, malware,

ransomware, and keyloggers.



Related Post

But the most worrisome part was how this exploit collects and forwards both IP and MAC addresses, regardless of tools being used to obfuscate the information. For Tor users, this was a particularly grave concern, as they use their Tor browser to ensure that their real information is hidden from the rest of the world.

Mozilla Security Team’s Daniel Veditz explained it as follows:

“The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code. It used this capability to collect the IP and MAC address of the targeted system and report them back to a central server. While the payload of the exploit would only work on Windows, the vulnerability exists on Mac OS and Linux as well.”

It is possible that this exploit is similar to the tools used by the FBI to de-anonymize Tor users. While it remains to be seen if the exploit itself was created by law enforcement agencies, the loophole has been closed, and this method should no longer be a viable method of attack. It is another excellent example of how government hacking is helping the bad guys more than doing good.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Crypto Presale To Buy Now: Rollblock Delivers For Holders With New License, Record Sign Ups and 7000+ Games

Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…

3 hours ago

Polkadot And Uniswap Gearing For Post-Christmas Jump As Rollblock Raises $7.4 Million in Presale

While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…

4 hours ago

IntelMarkets (INTL) Receives Massive Demand From Chainlink And SUI Investors Looking To Position For The Best Bull Run Gains

As the cryptocurrency market gears up for a bull run, IntelMarkets (INTL) is attracting significant…

4 hours ago

FOMO Selling Trigger $1 Billion Liquidations as LINK & SOL Bleed Heavily; What to Do Next?

In the past, Chainlink (LINK) and Solana (SOL) have been among the most discussed altcoins…

10 hours ago

Qubetics $7.4M Presale Revolutionises Blockchain as Bitcoin and Chainlink Drive Innovation: Best Cryptos to Buy for 2025

The crypto market is abuzz with excitement as 2025 approaches. While Bitcoin continues to dominate…

15 hours ago

Best Altcoins to Buy Today: Why Qubetics’ Presale Could Be the Best Investment Opportunity of 2024

The cryptocurrency market never sleeps, and every day feels like an adventure. From household names…

21 hours ago