Crashing the masquerade ball: New Firefox exploit could expose Tor users

russian hackers
Mozilla engineers are patching a previously unknown JavaScript zero-day exploit that could expose Tor users.

The exploit was delivered through a Tor mailing list that when opened could unveil the MAC address and possibly even the IP address of a user running Tor Browser on Firefox. It is “100 percent effective for remote code execution on Windows systems,” said security researcher Joshua Yabut. Versions 41 to 50 of Firefox are reportedly affected.

According to reports, the zero-day’s code exploits a memory corruption vulnerability on Windows devices. It requires JavaScript to be running on your machine in order to work. The code, which has now been reverse engineered, does not appear to be responding to connections any more.

One security researcher on Twitter, @TheWack0lian, noted that the code is almost identical to an exploit infamously used by the FBI in 2013 to hack into a child pornography site running on Tor and identify its users.

Roger Dingledine, Tor project lead, acknowledged that the bug had been discovered after it was flagged by a user called sigaint, and Tor is taking the necessary steps in response to the discovery.

“So it sounds like the immediate next step is that Mozilla finishes their patch for it; then the step after that is a quick Tor Browser update,” said Dingledine. “And somewhere in there people will look at the bug and see whether they think it really does apply to Tor Browser.”

Mozilla too is aware of the exploit, but we don’t have any update on a patch as of this writing. We do know however that this zero-day has in fact been exploited already and with the code now being publicly available, it makes the whole thing a little bit more dangerous. Firefox users should consider using a different browser until an update is released, or at least disable JavaScript as much as possible.

Cars

Tesla Model 3 vulnerability exposed at Pwn2Own; hackers take home the car

A Tesla Model 3 vulnerability was exposed at the Pwn2Own hacking competition. The hackers, who were able to display a message on the electric vehicle's internet browser, won $35,000 and took home the car.
Mobile

5G's arrival is transforming tech. Here's everything you need to know to keep up

It has been years in the making, but 5G is finally becoming a reality. While 5G coverage is still extremely limited, expect to see it expand in 2019. Not sure what 5G even is? Here's everything you need to know.
Home Theater

Kanopy privacy breach reveals which movies members have been streaming

Free video streaming site, Kanopy, has been inadvertently publishing millions of lines of web log data for days, according to a new security report. A bad actor could guess a person's identity and see what they've been watching.
Computing

Firefox 66 is here and it will soon block irritating autoplay videos

Do web advertisements have you frustrated? Mozilla is here to help. The latest version of the browser will soon block autoplaying videos by default and will also help make web page scrolling smoother.
Mobile

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.
Deals

Looking for a Chromebook? The Google PixelBook just got a $200 price cut

Once relatively obscure, Chromebooks have come into their own in a big way in recent years. One of our favorites is the super-sleek Google Pixelbook, and it's on sale right now from Amazon for $200 off, letting you score this premium laptop…
Computing

Nvidia’s GTX 1650 graphics card could be just a slight upgrade over the 1050 Ti

Rumors suggest Nvidia might soon launch the GTX 1650, and a leaked benchmark listing from Final Fantasy XV suggests that the new graphics card could be just a slight upgrade over last generation's GTX 1050 Ti. 
Computing

Get ready to say goodbye to some IFTTT support in Gmail by March 31

If This Then That, the popular automation service, will drop some of its support for Gmail by March 31. The decision comes as a response to security concerns and is aimed to protect user data.
Computing

Get the new Dell XPS 13 for $750 with this limited-time deal

Dell is currently running a limited time deal lasting through Thursday, March 28, where you can bring home a version of this year's new XPS 13 for around $750 with the use of a special coupon code. 
Mobile

This is the easiest way to save your iPhone data to your computer

Living in fear of losing your contacts, photos, messages, and notes on your iPhone? Fear no more -- in this guide, we'll break down exactly how to back up your iPhone to your computer using Apple's iTunes or to the cloud with iCloud.
Mobile

Here are the best iPad Pro keyboard cases to pick up with your new tablet

The iPad Pro range can double as laptops, but they do need proper keyboards to fill in effectively. Thankfully, there are loads to choose from and we rounded up the best iPad Pro keyboard cases right here.
Computing

Microsoft’s Clippy came back from the dead, but didn’t last very long

Before Cortana, Alexa, and Siri even existed, Microsoft Clippy dominated the screens of computers in the 1990s to help assist Microsoft Office users when writing letters. He recently made a bit of a comeback only to die off again.
Computing

Nvidia faces attacks from AMD, Intel, and even Google. Should it be worried?

Nvidia announced an expanded array of RTX server solutions designed to leverage the power of ray-tracing at GTC 2019. The effort will help Nvidia take on Google's Stadia in game streaming with GeForce Now, and the company's investments in…
Computing

How 5G networks will make low-latency game streaming a reality

Faster speeds and more bandwidth are some of the many promises that 5G can deliver, but for gamers, the most important thing is low latency. To achieve low latency, carriers like AT&T and Verizon are exploring hybrid models for game…