Mozilla moves quickly to fix vulnerability that was being actively exploited in attacks against Tor Browser, which is based on Firefox.
Late afternoon on November 30, Mozilla rushed out an emergency update for its open-source Firefox web browser, fixing a zero-day vulnerability that was being actively exploited by attackers. The vulnerability was used in attacks against the Tor web browser which is based on Firefox.The first public report of the Tor Browser attack emerged on November 29, in a post on the Tor mailing list. The Tor project is an effort that makes use of a global network of routers that aims to help provide a degree of anonymity and privacy for users. The TorBrowser is built on top of Firefox and integrates the Tor network, as well as additionally privacy tools.Among the configuration options that are part of the Tor Browser is a feature called the security slider, which can reduce the potential attack surface of the browser. As the security slider level is increased from low to high, browser capabilities that have been known to have had vulnerabilities in the past are progressively disabled.”If you slide your security slider to high, you won’t be vulnerable to this issue,” Roger Dingledine, co-founder of Tor wrote in a mailing list message.