Anonymous Web-host shut down, owner arrested; Tor users compromised by Javascript exploit

And this is the Mozilla response:

Dan Veditz posted:

The vulnerability being exploited by this attack was fixed in Firefox
22 and Firefox ESR 17.0.7. The vulnerability used is MFSA 2013-53

People who are on the latest supported versions of Firefox are not at
risk.

Although the vulnerability affects users of Firefox 21 and below the
exploit targets only ESR-17 users. Since this attack was found on Tor
hidden services presumably that is because the Tor Browser Bundle
(TBB) is based on Firefox ESR-17. Users running the most recent TBB
have all the fixes that were applied to Firefox ESR 17.0.7 and were
also not at risk from this attack.

The only folks at risk are folks running older versions of either mainline Firefox or ESR17.

Folks, this is why installing security update versions of your browser are important. If you’re running Firefox, you’ll get a prompt when a new version is available. Follow the prompt and install the update. It is painless and the whole point is that, along with new features (except for ESR versions), you get security fixes.

The next release is on Tuesday.

3 Likes