>There's a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday.
>Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website. It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch.
>According to security researchers who analyzed the code, it exploits a memory corruption vulnerability that allows malicious code to be executed on computers running Windows. The malicious payload it delivers, according to an independent researcher who goes by the Twitter handle @TheWack0lian, is almost identical to one that was used in 2013 to deanonymize people visiting a Tor-shielded child pornography site. The FBI ultimately acknowledged responsibility for the exploit, which was embedded in Web pages served by a service known as Freedom Hosting.
>"It's basically almost EXACTLY the same as the payload used in 2013," TheWack0lian told Ars. "It exploits some vuln that executes code very similar to that used in the 2013 Tor browser exploit. Most of the code is identical, just small parts have changed."
You have to expect that someone clever might figure out some way when they can run scripts in your browser. Which is why JavaScript is turned off by default. Like the pedos being caught after running flash in the tor browser. It's a user error and not a browser error. Nobody can be anonymous and at the same time run JavaScript and flash nilly willy
Lincoln Cox
JavaScript on Tor Browser is turned on by default, and the Tor team suggests not turning it off.
I hope they've learnt their lesson and change it to off by default with a warning to the users that turning it on may cause problems. This is the second huge case of a JavaScript exploit.
Jack Walker
HEY GUYS STOP USING LINUX! Some researchers have figured out that copy pasting commands from the Internet might run malicious code on your computer. Better not run Linux at all with this huge bug.
Nolan Morgan
> It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch.
>javascript exploit
they deserve to get V& for using javascript
We knew the FBI had a "zeroday" for the tor browser anyway. We also knew it was something fucking stupid like this.
Jackson Gonzalez
>on computers running Windows
k
Grayson Bell
Ok.
Wyatt Cook
What browser should wincucks use then? I don't want anything that records my history and URLs and sends them to some server. Is icecat affected by this? Why are there no secure browsers anymore ;_;
Blake Peterson
Anyone using the tor browser for anything illegal deserves to be v& anyway. Tails and whonix exist for a reason
Jeremiah Brooks
Hardened Musl Gentoo with Grsec (and the RBAC) master race, get the fuck out Debian plebs thinking you're "secure" with fucking glibc.
Christian Miller
I don't care. Oh no my futanari exhentai browser history.
Isaac Long
bump
Connor Walker
Is there a tool like AppArmor or SELinux on windows that could mitigate this?
Dominic Moore
if the only people that got harmed were a few pedophiles then good, i am glad the FBI found the exploit and busted those SOBs
Angel Reyes
I don't even care. How can I disable Javascript? I don't think Alphabay needs it.
Easton Stewart
>Anyone using the tor browser for anything illegal deserves to be v& anyway.
Like complaining about the government or researching the Tiananmen Square protests of 1989?
Or buying bitcoin or speaking to foreigners? All of them highly illegal
Hudson Martin
>Windows
People still use this? Why?
Easton Perez
Firecucks blown the fuck out yet again.
>2016
>not using Chromium
Even Google Chrome is better than the latest pile of shit from Mozilla.
Lucas Kelly
Some people are too stupid to install something that does not come default user, stop being ableist. Nobody cares that you are edgy and pointing out that people lack mental functions.
Ethan Kelly
>Chromium
Why not iron?
Isaiah Ortiz
>Nobody cares that you are edgy and pointing out that people lack mental functions.
Look, sure. I just thought it was ironic that people who wished to be anonymoose decided to use a certified botnet OS.
Christian Lewis
OMG i'm scared! Please Google, MS or someone rape me now!
Bentley Martinez
I mean,
> almost identical to one that was used in 2013 to deanonymize people visiting a Tor-shielded child pornography site
> watching CP
> on WINDOWS
> people lack mental functions
I think that's the most diplomatic way to describe them.
Liam Richardson
>Nobody cares that you are edgy
>implying he is edgy
Samuel Hill
>reading arstechnica when they have become a SJW site that also pushes fake news
Brayden Martin
I have nothing to hide. I don't care about the zero day.