The code of an exploit that takes advantage of a zero-day vulnerability in Firefox was published on the Tor Project mailing list. If hidden inside a web page, it can help identify users of the well-known anonymous communication network, which is accessed via the Firefox-based Tor Browser. Mozilla has confirmed that it is working to develop a patch quickly.

Security researchers who have analyzed the code (a mix of HTML, CSS and JavaScript) say that the exploit takes advantage of a "memory corruption" vulnerability to run malware on Windows computers. The payload is similar to the one used by the FBI in 2013 to expose some Tor users accused of child pornography. An attacker can find out the public IP address when the web page containing the code is opened in Tor Browser or Firefox, making it possible to identify the unsuspecting victim.

The exploit makes direct calls to kernel32.dll and changes the memory location of the payload based on the browser version. Whoever developed the code evidently wanted to be certain that the exploit works on any release between 41 and 50. Firefox 45 ESR is the version used by the Tor Browser. A spokesperson for Mozilla said that the fix is in development.

Unfortunately, the publication of the code will allow a large number of people to take advantage of the zero-day vulnerability. Users thus have three options: avoid unsafe sites, disable JavaScript (e.g. via NoScript), or use an alternative browser until the patch is released.
