Published December 5, 2016. This content is archived.
If you like to cover your digital tracks using the Tor proxy service, you should know that a new vulnerability can reveal significant information about your browsing habits.
The exploit affected Firefox versions 41 through 50 and the (now updated) version of Tor Browser that contains the Firefox 45 extended support release. The Firefox fix has been released as version 50.0.2. Tor has also released an update for the vulnerability as of version 6.0.7.
We recommend you update to the latest version of Firefox or Tor to continue using these browsers securely.
If you're using Firefox, you can see which version you're using by clicking the Firefox menu on the menu bar and selecting 'About Firefox.' A window will pop up and your version number will appear under the word "Firefox." If your version is out of date, the latest version should download automatically. If not, you can download the latest version of Firefox from the Mozilla website.
If you're using Tor Browser, make sure you're running the latest version by going to 'File' on Windows, or 'Tor Browser' on Mac, and selecting 'About Tor Browser.' Under the words "Firefox ESR" and your version number, it should say "Tor Browser is up to date." If not, download the latest version of Tor Browser from the Tor website.
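For anyone checking more than one machine, the version check above can be scripted. This is an added example, not part of the original article: the version thresholds are the ones stated here, while the tab-separated inventory format, host names and status labels are assumptions.

```python
import re

# Version numbers come from the advisory text above; everything else is assumed.
FIREFOX_AFFECTED_MAJORS = range(41, 51)   # "versions 41 through 50"
FIREFOX_FIXED = (50, 0, 2)
TOR_BROWSER_FIXED = (6, 0, 7)

# Constructed sample inventory: "host<TAB>product and version string".
SAMPLE_INVENTORY = """\
ws-01\tMozilla Firefox 49.0.1
ws-02\tMozilla Firefox 50.0.2
ws-03\tMozilla Firefox 45.4.0esr
ws-04\tTor Browser 6.0.6
ws-05\tTor Browser 6.0.7
ws-06\tMozilla Firefox 40.0.3
"""

def parse_version(text):
    """Return ((major, minor, patch), is_esr) for a string such as '45.4.0esr'."""
    m = re.search(r"(\d+(?:\.\d+)*)(esr)?", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3], bool(m.group(2))

def classify(product_string):
    """Map one product string to a status label (labels are hypothetical)."""
    version, is_esr = parse_version(product_string)
    if "tor browser" in product_string.lower():
        return "update" if version < TOR_BROWSER_FIXED else "patched"
    if version[0] not in FIREFOX_AFFECTED_MAJORS:
        return "patched" if version >= FIREFOX_FIXED else "not-listed"
    if is_esr:
        # The advisory names no fixed ESR build, so do not guess one.
        return "check-esr"
    return "affected" if version < FIREFOX_FIXED else "patched"

def audit(inventory_text):
    """Return {host: status} for every non-empty inventory line."""
    results = {}
    for line in inventory_text.splitlines():
        if line.strip():
            host, product = line.split("\t", 1)
            results[host] = classify(product)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "check-esr" run a standalone ESR build in the affected range and need to be compared against Mozilla's own release notes, since this article gives a fixed version only for the regular release and for Tor Browser.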
This vulnerability is an example of a so-called "zero day" exploit, in which hackers take advantage of a security flaw in software before the software vendor becomes aware of it.
This specific vulnerability takes the form of an HTML and CSS file that uploads x86 code from your machine via JavaScript running in Firefox or Tor Browser. This x86 code sends the infected machine’s info to the IP address 5.39.27.266 on port 80, which is a web server hosted at OVH, located in France.