Previous All Posts Next

Firefox Zero-Day Exploit: Tor Users De-Anonymized

Posted: December 2, 2016 to News.

Tags: Malware, Data Breach, Digital Forensics

A recently discovered vulnerability in Firefox and Tor browsers that de-anonymizes users has been fixed in a newly published patch by Mozilla. While the bug appears to only be actively exploited on Windows based systems, anyone running OS X or Linux should immediately patch their systems, because it can affect them as well. Mozilla was given a copy of the attack code and found like a lot of exploits, the attack started when users ran malicious JavaScript. Once affected the victim’s IP and MAC address were sent to a server controlled by the attacker. The code used is very similar to one used by the FBI to identify people trading child pornography on Tor browsers in 2013. While there is no direct evidence that the exploit was created by law enforcement, there is no way to know either way. However, the similarity does make for a pretty obvious example of how something created by the government for benign reasons can get loose into the wild and affect internet users at large.

Related Resources

Learn more about how Petronella Technology Group can help:

Need help implementing these strategies? Our cybersecurity experts can assess your environment and build a tailored plan.
Get Free Assessment
Explore Our Services
Cybersecurity AI Services Compliance HIPAA CMMC Managed IT

Related Articles

FBI Issues Warning for Gmail, Outlook, AOL, and Yahoo Users FBI Issues Warning for Gmail, Outlook, AOL, and Yahoo Users Top 3 MFA Bypass Attacks: MFA Fatigue, Token Theft, and Machine-in-the-Middle Attacks Top 3 MFA Bypass Attacks: MFA Fatigue, Token Theft, and Machine-in-the-Middle Attacks Stop M365 MitM Attacks: MFA Bypass Defense Guide Stop M365 MitM Attacks: MFA Bypass Defense Guide Understanding and Defending Against MFA Machine-in-the-Middle (MitM) Attacks Understanding and Defending Against MFA Machine-in-the-Middle (MitM) Attacks
Craig Petronella
Craig Petronella
CEO & Founder, Petronella Technology Group | CMMC Registered Practitioner

Craig Petronella is a cybersecurity expert with over 24 years of experience protecting businesses from cyber threats. As founder of Petronella Technology Group, he has helped over 2,500 organizations strengthen their security posture, achieve compliance, and respond to incidents.

LinkedIn Twitter About
Related Service
Need Cybersecurity or Compliance Help?

Schedule a free consultation with our cybersecurity experts to discuss your security needs.

Schedule Free Consultation
Previous All Posts Next
Free cybersecurity consultation available Schedule Now