A recently discovered vulnerability in Firefox and Tor browsers that de-anonymizes users has been fixed in a newly published patch by Mozilla. While the bug appears to only be actively exploited on Windows based systems, anyone running OS X or Linux should immediately patch their systems, because it can affect them as well.

Mozilla was given a copy of the attack code and found like a lot of exploits, the attack started when users ran malicious JavaScript. Once affected the victim’s IP and MAC address were sent to a server controlled by the attacker. The code used is very similar to one used by the FBI to identify people trading child pornography on Tor browsers in 2013.

While there is no direct evidence that the exploit was created by law enforcement, there is no way to know either way. However, the similarity does make for a pretty obvious example of how something created by the government for benign reasons can get loose into the wild and affect internet users at large.

Comments are closed.