Tor releases urgent update for Firefox 0-day that’s under active attack

Developers with Tor have published a browser update that patches a critical Firefox vulnerability being actively exploited to deanonymize people using the privacy service.

"The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor official wrote in an advisory published Wednesday afternoon. "Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately."

The Tor browser is based on the open source Firefox browser developed by the Mozilla Foundation. Mozilla officials said on Tuesday they were in the process of developing a fix that presumably included mainstream versions of Firefox, but at the time this post was being prepared, a patch was not yet available. Mozilla representatives didn't respond to an e-mail seeking comment for this post.

Read 3 remaining paragraphs | Comments