Possible Tor Browser de-cloak zero day dropped, patch in works (The Register)

A zero-day JavaScript exploit has emerged and, because it has the potential to de-cloak Tor Browser users, has sparked a flurry of patching activity.

Little detail of the problem has been revealed: it surfaced a few hours ago on the Tor Project mailing list in a post from an anonymous user writing from the Sigaint dark web email service. That post said the flaw is in active use against users of the Firefox-based Tor Browser.

“This is a JavaScript exploit actively used against TorBrowser now,” the author wrote.

“It consists of one HTML and one CSS file, both pasted below and also de-obscured.

“The exact functionality is unknown but it’s getting access to VirtualAlloc in kernel32.dll and goes from there.”

The flaw, which appears to leak users’ MAC and IP addresses to external servers, was sent to Mozilla’s security team, which has located the flaw and is working on a patch, Tor Project lead Roger Dingledine says.

“So it sounds like the immediate next step is that Mozilla finishes their patch for it then … a quick Tor Browser update and somewhere in there people will look at the bug and see whether they think it really does apply to Tor Browser,” Dingledine says.

Early analysis suggests this problem has striking similarities to a separate exploit against the Tor Browser revealed in 2013, according to code comparison efforts.

We’ll update this story as details come to hand. ®

Source: SANS ISC SecNewsFeed @ November 29, 2016 at 06:57PM