Mozilla Is Working On Patch For Vulnerability That Could Unmask Tor Users

Mozilla is working on an update to close a security hole that could expose Tor browser users. The Tor browser runs on a modified version of Firefox. The JavaScript exploit would be able to extract MAC addresses, hostnames and IP addresses.

According to an anonymous notice to the Tor community, the JavaScript exploit is now being used publicly to expose Tor browser users. “It’s not entirely clear how it works, but it accesses VirtualAlloc in kernel32.dll and continues from there,” he or she says. All a victim needs to do to be affected is visit an infected web page.

Tor head Roger Dingledine responded to the posting by saying that Mozilla is already aware of the security hole and is working on an update, but that he is not convinced that the Tor browser is also affected. That needs to be determined later, he said.

The Register writes that the tool is very similar to another Tor exploit from 2013. Both tools connect to an IP address on port 80 via HTTP, after which they forward the MAC address, hostname and IP address of the target. The IP address the data was sent to reportedly belongs to a virtual machine at the French hosting provider OVH. The 2013 Tor exploit was also used by the FBI to expose criminals on Tor.

It is not clear whether the FBI also used this exploit in Operation Playpen. The FBI refuses to reveal exactly what kind of malware it used to discover the identities of thousands of Tor users distributing child pornography. What the two methods do have in common is that they are unpatched to date and steal Tor users' IP addresses.