Author |
Topic: IMPORTANT. Update Firefox on Windows NOW |
b0b
From: Cloverdale, CA, USA
|
Posted 30 Nov 2016 9:00 am
|
|
Emergency announcement. Windows Firefox users should switch to a different browser right away.
For details, read
www.wordfence.com/blog/2016/11/emergency-bulletin-firefox-0-day-wild
UPDATE
Wordfence wrote: |
Update at 2:32pm PST / 5:32pm EST: Firefox released a fix for this a few minutes ago. Update to Firefox 50.0.2 now to patch this vulnerability. Tor have also released a fix with version 6.0.7 of their browser.There is also a Thunderbird fix out, version 45.5.1. |
_________________ -𝕓𝕆𝕓- (admin) - Robert P. Lee - Recordings - Breathe - D6th - Video
Last edited by b0b on 30 Nov 2016 4:54 pm; edited 2 times in total |
|
|
|
Jon Light
From: Saugerties, NY
|
Posted 30 Nov 2016 9:36 am
|
|
Ok. That was startling. Done (switched to Chrome.)
Been on FF for around 6 hours today including an update this morning. Wonder how to tell if I've been bugged. |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 30 Nov 2016 9:38 am
|
|
This 0-day is targeting a specialized version of Firefox, known as the Tor Browser. It is redirecting Tor users to a now offline server in France. This is a JavaScript exploit, which is fairly common in the cybercrime underworld. Firefox users who have the NoScript Add-on enabled will not be impacted, whether on the Dark Web (Tor) or the Bright Web.
As is typical, Mozilla will release a patch to everybody after analyzing the exploit code. Tor Browser will probably get a fix first.
Tor Onion websites are fraught with danger anyway. _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Last edited by Wiz Feinberg on 30 Nov 2016 9:48 am; edited 1 time in total |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 30 Nov 2016 9:43 am
|
|
Jon Light wrote: |
Ok. That was startling. Done (switched to Chrome.)
Been on FF for around 6 hours today including an update this morning. Wonder how to tell if I've been bugged. |
Did you visit any Onion websites on Tor? Are you using the Firefox Tor browser? _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Jon Light
From: Saugerties, NY
|
Posted 30 Nov 2016 10:26 am
|
|
Nope and nope. |
|
|
|
Mike DiAlesandro
From: Kent, Ohio
|
Posted 30 Nov 2016 1:59 pm
|
|
Ok
Last edited by Mike DiAlesandro on 30 Nov 2016 3:09 pm; edited 1 time in total |
|
|
|
Randy Schneider
From: SW New Mexico, USA
|
Posted 30 Nov 2016 2:51 pm
|
|
Firefox for Windows update (50.0.2) is now available. If you don't want to wait for it to be pushed to you, in FF go to 'help / about' and the new version will be downloaded. |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
|
|
|
Randy Schneider
From: SW New Mexico, USA
|
Posted 30 Nov 2016 4:37 pm
|
|
Yes, this particular exploitation of the hole in FF was used for that purpose. The bigger concern was that once the vulnerability had been made public, other malicious payloads could/would take advantage of the now-known problem in Firefox and be delivered for purposes other than the Tor exposure. That is why FF needed to patch it so quickly. |
|
|
|
b0b
From: Cloverdale, CA, USA
|
Posted 30 Nov 2016 4:51 pm
|
|
Update from Wordfence:
Quote: |
Update at 2:32pm PST / 5:32pm EST: Firefox released a fix for this a few minutes ago. Update to Firefox 50.0.2 now to patch this vulnerability. Tor have also released a fix with version 6.0.7 of their browser.There is also a Thunderbird fix out, version 45.5.1. |
_________________ -𝕓𝕆𝕓- (admin) - Robert P. Lee - Recordings - Breathe - D6th - Video |
|
|
|
Randy Schneider
From: SW New Mexico, USA
|
Posted 30 Nov 2016 4:54 pm
|
|
And thanks for letting us know about the problem this morning b0b. I hadn't heard about it before your post. |
|
|
|
Ray Minich
From: Bradford, Pa. Frozen Tundra
|
Posted 30 Nov 2016 5:44 pm
|
|
Thanks b0b for the update info.
Didn't see anything on reddit or digg about this today so I really appreciate the guidance.
Thanks again.
PS: I wonder how many others start their forum browsing in "Steel Players"? _________________ Lawyers are done: Emmons SD-10, 3 Dekleys including a D10, NV400, and lots of effects units to cover my clams... |
|
|
|
Earnest Bovine
From: Los Angeles CA USA
|
Posted 1 Dec 2016 9:00 am
|
|
The updates for Firefox (50.0.2)and Tor (6.0.7) have been available since yesterday afternoon Nov 30. |
|
|
|