University at Buffalo - The State University of New York
Skip to Content

Firefox/Tor browser vulnerability threatens personal data

Published December 5, 2016

By Kenneth Kashif Thomas

If you like to cover your digital tracks using the Tor proxy service, you should know that a new vulnerability can reveal significant information about your browsing habits.

Kenneth Kashif Thomas (UB Student, Class of 2017) is an Economics major with an interest in Journalism. He is the 2016-17 Senior Features Editor of the UB Spectrum student newspaper.

The exploit affected Firefox versions 41 through 50 and the (now updated) version of Tor that contains the Firefox 45 extended support release. The new Firefox fix has been released as 50.0.2. Tor has also released an update for the vulnerability as of version 6.0.7.

We recommend you update to the latest version of Firefox or Tor to continue using these browsers securely.

Update Firefox

If you're using Firefox, you can see which version you're using by clicking the Firefox menu on the menu bar and selecting 'About Firefox.' A window will pop up and your version number will appear under the word "Firefox." If your version is out of date, the latest version should download automatically. If not, you can download the latest version of Firefox from the Mozilla website.

Update Tor Browser

If you're using Tor Browser, make sure you're running the latest version by going to 'File' on Windows, or 'Tor Browser' on Mac, and selecting 'About Tor Browser.' Under the words "Firefox ESR" and your version number, it should say "Tor Browser is up to date." If not, download the latest version of Tor Browser from the Tor website.

The Specifics

This vulnerability is an example of so-called "zero day" exploits, in which hackers take advantage of a security flaw in software before the software vendor becomes aware of it.

This specific vulernability takes the form of an HTML and CSS file that uploads x86 code from your machine via Javascript running in Firefox or Tor browser. This x86 code sends the infected machine’s info to the IP address 5.39.27.266 on port 80, which is a web server hosted at OVH, located in France.