Sunday, August 4, 2013

Reddit-reported "0-day" security issue in 17

Reddit is reporting a drive-by exploit on the Tor anonymizing network targeting Firefox 17 (general warning about links to dodgy and possibly-illegal-in-your-jurisdiction stuff on Tor applies; this is Reddit, after all). I don't use Tor, personally, but although the exploit is currently limited to a site on the .onion network, it is of course possible for it to be placed on the Net at large. I can't tell if it affects only 17, or if other versions are vulnerable, but this specific exploit uses x86 shellcode targeted at Windows and the most it can get a Power Mac to do is crash. (In fact, with our extremely large stack it's arguable it can even do that.) This bug is already public, so I'm not giving away anything here. Mozilla is investigating.

Because we are not exploitable with this particular technique, we won't pull 17.0.8 just for this. Mozilla has found an incomplete fix on one of the other security issues which we might be vulnerable to, however (I'm still analyzing how we handle it), so stay tuned.

UPDATE: Hacker News has some of the backstory, for the interested.

UPDATE THE SECOND: It appears this bug was already fixed, thankfully, in 17.0.7; the exploit is specifically targeted at Tor users who lack an autoupdate.

