
URL: https://therecord.media/recently-patched-firefox-bug-being-used-against-tor-browser-users
Submission: On October 15 via api from TR — Scanned from US

Image: Rubaitul Azad via Unsplash
Daryna Antoniuk
October 14th, 2024
 * Cybercrime
 * News
 * News Briefs
 * Privacy



RECENTLY-PATCHED FIREFOX BUG EXPLOITED AGAINST TOR BROWSER USERS

The Tor anonymity network issued an emergency patch last week to address a
recently-discovered security flaw that was being exploited against its users.

The bug, tracked as CVE-2024-9680, allows attackers to execute malicious code
within the browser’s content process — the environment where web content is
loaded and rendered.

The flaw was discovered by a researcher from the cybersecurity firm ESET and was
first patched by the Mozilla Foundation in its Firefox web browser last week.

According to Tor’s statement, Mozilla is aware of the flaw being actively
exploited in the wild against Tor Browser users.

“Using this vulnerability, an attacker could take control of Tor Browser, but
probably not deanonymize you in Tails,” the statement reads.

Tails is a privacy-focused operating system that runs from a USB or DVD, leaving
no trace on the host computer after shutdown. It routes all internet traffic
through the Tor network to ensure anonymity and comes with built-in tools like
encrypted email, secure messaging and disk encryption.

The CVE-2024-9680 vulnerability is described as a “use-after-free” flaw, which
occurs when a program tries to access memory that has already been released or
freed. Memory corruption bugs like this are often used to attack browsers,
potentially giving attackers control over the service or further access to the
system.

The exploit requires no user interaction and can be executed over the network
with low complexity. It has been assigned a CVSS score of 9.8 out of 10,
indicating a critical vulnerability.

To address the flaw, both Mozilla and Tor recommend that users update their
browser installations to the most current versions available.


Tags
 * Tor
 * Tor Browser
 * Vulnerability
 * Firefox
 * Mozilla
 * patch


Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about
cybersecurity startups, cyberattacks in Eastern Europe and the state of the
cyberwar between Ukraine and Russia. She previously was a tech reporter for
Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent
and The Kyiv Post.



© Copyright 2024 | The Record from Recorded Future News