New
#311
Yep, now the info is up, when I clicked, it showed nothing.
Yep, now the info is up, when I clicked, it showed nothing.
New 50.0.2 out just a bit ago. Think it fixed the 0 day flaw reported earlier. No details yet.....
EDIT: Details just in:
Firefox SVG Animation Remote Code Execution
Firefox SVG Animation Remote Code Execution — Mozilla
Mozilla Security BlogNov
30
2016
Daniel Veditz
At roughly 1:30pm Pacific time on November 30th, Mozilla released an update to Firefox containing a fix for a vulnerability reported as being actively used to deanonymize Tor Browser users. Existing copies of Firefox should update automatically over the next 24 hours; users may also download the updated version manually.
Early on Tuesday, November 29th, Mozilla was provided with code for an exploit using a previously unknown vulnerability in Firefox. The exploit was later posted to a public Tor Project mailing list by another individual. The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code. It used this capability to collect the IP and MAC address of the targeted system and report them back to a central server. While the payload of the exploit would only work on Windows, the vulnerability exists on Mac OS and Linux as well. *Further details about the vulnerability and our fix will be released according to our disclosure policy.
The exploit in this case works in essentially the same way as the “network investigative technique” used by FBI to deanonymize Tor users (as FBI described it in an affidavit). This similarity has led to speculation that this exploit was created by FBI or another law enforcement agency. As of now, we do not know whether this is the case. If this exploit was in fact developed and deployed by a government agency, the fact that it has been published and can now be used by anyone to attack Firefox users is a clear demonstration of how supposedly limited government hacking can become a threat to the broader Web.
Categories: Security
Tnx, just got it myself (no auto update).
I'm getting a bit tired of FF, it's getting to be clunky as of last few versions. It opens fast enough and works fast enough but I'm getting "Not responding" more and more. That happens mostly when a page is not downloaded fast enough. Another thing I noticed is from few versions ago, a page would not scroll until fully loaded.
Just this morning I opened same pages in Vivaldi and nothing like that was happening on it.
having problems with the latest firefox when I click on reply with quote in a thread firefox crashes