Turn off Javascript - Tor Browser 0day being used in the wild

https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html

This is a JavaScript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP.

The exploit was confirmed by the Mozilla Security Team.

I pointed some folks on IRC to this mail, and Daniel Veditz (Mozilla Security Team) said "the Firefox team was sent a copy of that this morning. We've found the bug being used and are working on a patch."

As this particular exploit relies on JavaScript, turning it off completely for all sites using NoScript should provide protection. Do this ASAP: now that the 0day has been exposed, whoever is using it may start throwing it around widely before it gets patched.


Comments


[7 Points] dabbingtimes:

Always turn off JavaScript; every single serious Tor flaw I've ever seen used Java as an exploit.


[3 Points] idontreddit115:

You don't need to turn off JS, just disable web workers: about:config dom.workers.enabled false


[1 Points] jack19056:

I can't see the content of this post if I turn JS off; this is a big pain in the ass. Does anyone know any workarounds to this?


[1 Points] wombat2combat:

More info in the comments here: https://news.ycombinator.com/item?id=13066825

tl;dr

Probably the feds popping some more pedos. Not that I am complaining, but they are going to use the same [illegal] tactics on us in the future if they can get away with using them on CP sites.

While it seems to be used on only one CP site, it is of course possible that it was deployed on other sites too.