The Steel Guitar Forum Store 

Post new topic IMPORTANT. Update Firefox on Windows NOW
Reply to topic
Author Topic:  IMPORTANT. Update Firefox on Windows NOW
b0b


From:
Cloverdale, CA, USA
Post  Posted 30 Nov 2016 9:00 am    
Reply with quote

Emergency announcement. Windows Firefox users should switch to a different browser right away.

For details, read
www.wordfence.com/blog/2016/11/emergency-bulletin-firefox-0-day-wild

UPDATE
Wordfence wrote:
Update at 2:32pm PST / 5:32pm EST: Firefox released a fix for this a few minutes ago. Update to Firefox 50.0.2 now to patch this vulnerability. Tor have also released a fix with version 6.0.7 of their browser.There is also a Thunderbird fix out, version 45.5.1.

_________________
-𝕓𝕆𝕓- (admin) - Robert P. Lee - Recordings - Breathe - D6th - Video


Last edited by b0b on 30 Nov 2016 4:54 pm; edited 2 times in total
View user's profile Send private message Visit poster's website

Jon Light


From:
Saugerties, NY
Post  Posted 30 Nov 2016 9:36 am    
Reply with quote

Ok. That was startling. Done (switched to Chrome.)
Been on FF for around 6 hours today including an update this morning. Wonder how to tell if I've been bugged.
View user's profile Send private message Send e-mail Visit poster's website

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 30 Nov 2016 9:38 am    
Reply with quote

This 0-day is targeting a specialized version of Firefox, known as the Tor Browser. It is redirecting Tor users to a now offline server in France. This is a JavaScript exploit, which is fairly common in the cybercrime underworld. Firefox users who have the NoScript Add-on enabled will not be impacted, whether on the Dark Web (Tor) or the Bright Web.

As is typical, Mozilla will release a patch to everybody after analyzing the exploit code. Tor Browser will probably get a fix first.

Tor Onion websites are fraught with danger anyway.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog


Last edited by Wiz Feinberg on 30 Nov 2016 9:48 am; edited 1 time in total
View user's profile Send private message Send e-mail Visit poster's website

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 30 Nov 2016 9:43 am    
Reply with quote

Jon Light wrote:
Ok. That was startling. Done (switched to Chrome.)
Been on FF for around 6 hours today including an update this morning. Wonder how to tell if I've been bugged.


Did you visit any Onion websites on Tor? Are you using the Firefox Tor browser?
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Jon Light


From:
Saugerties, NY
Post  Posted 30 Nov 2016 10:26 am    
Reply with quote

Nope and nope.
View user's profile Send private message Send e-mail Visit poster's website

Mike DiAlesandro


From:
Kent, Ohio
Post  Posted 30 Nov 2016 1:59 pm    
Reply with quote

Ok

Last edited by Mike DiAlesandro on 30 Nov 2016 3:09 pm; edited 1 time in total
View user's profile Send private message Send e-mail Visit poster's website

Randy Schneider


From:
SW New Mexico, USA
Post  Posted 30 Nov 2016 2:51 pm    
Reply with quote

Firefox for Windows update (50.0.2) is now available. If you don't want to wait for it to be pushed to you, in FF go to 'help / about' and the new version will be downloaded.
View user's profile Send private message Send e-mail

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 30 Nov 2016 4:03 pm    
Reply with quote

Happy about the update, but this zero-day was specifically written to expose the location of users of the Dark Web (Tor). There was no malicious code involved, just IP leakage. See this Malwarebytes article for more details.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Randy Schneider


From:
SW New Mexico, USA
Post  Posted 30 Nov 2016 4:37 pm    
Reply with quote

Yes, this particular exploitation of the hole in FF was used for that purpose. The bigger concern was that once the vulnerability had been made public, other malicious payloads could/would take advantage of the now-known problem in Firefox and be delivered for purposes other than the Tor exposure. That is why FF needed to patch it so quickly.
View user's profile Send private message Send e-mail

b0b


From:
Cloverdale, CA, USA
Post  Posted 30 Nov 2016 4:51 pm    
Reply with quote

Update from Wordfence:
Quote:
Update at 2:32pm PST / 5:32pm EST: Firefox released a fix for this a few minutes ago. Update to Firefox 50.0.2 now to patch this vulnerability. Tor have also released a fix with version 6.0.7 of their browser.There is also a Thunderbird fix out, version 45.5.1.

_________________
-𝕓𝕆𝕓- (admin) - Robert P. Lee - Recordings - Breathe - D6th - Video
View user's profile Send private message Visit poster's website

Randy Schneider


From:
SW New Mexico, USA
Post  Posted 30 Nov 2016 4:54 pm    
Reply with quote

And thanks for letting us know about the problem this morning b0b. I hadn't heard about it before your post.
View user's profile Send private message Send e-mail

Ray Minich

 

From:
Bradford, Pa. Frozen Tundra
Post  Posted 30 Nov 2016 5:44 pm    
Reply with quote

Thanks b0b for the update info.

Didn't see anything on reddit or digg about this today so I really appreciate the guidance.

Thanks again.

PS: I wonder how many others start their forum browsing in "Steel Players"?
_________________
Lawyers are done: Emmons SD-10, 3 Dekleys including a D10, NV400, and lots of effects units to cover my clams...
View user's profile Send private message Send e-mail

Earnest Bovine


From:
Los Angeles CA USA
Post  Posted 1 Dec 2016 9:00 am    
Reply with quote

The updates for Firefox (50.0.2)and Tor (6.0.7) have been available since yesterday afternoon Nov 30.
View user's profile Send private message


All times are GMT - 8 Hours
Jump to:  

Our Online Catalog
Strings, CDs, instruction,
steel guitars & accessories

www.SteelGuitarShopper.com

Please review our Forum Rules and Policies

Steel Guitar Forum LLC
PO Box 237
Mount Horeb, WI 53572 USA


Click Here to Send a Donation

Email admin@steelguitarforum.com for technical support.


BIAB Styles
Ray Price Shuffles for
Band-in-a-Box

by Jim Baron
HTTP