INSTRUCTION STRINGS ACCESSORIES MUSIC LINKS
 Visit Our Catalog at SteelGuitarShopper.com for Steel Guitars, Strings, Instruction, Music and Accessories 
Forum Index
where steel players meet online
The Steel Guitar Forum

Post new topic IMPORTANT. Update Firefox on Windows NOW
Reply to topic
Author Topic:  IMPORTANT. Update Firefox on Windows NOW
b0b


From:
Northern California
Post Posted 30 Nov 2016 9:00 am     Reply with quote

Emergency announcement. Windows Firefox users should switch to a different browser right away.

For details, read
www.wordfence.com/blog/2016/11/emergency-bulletin-firefox-0-day-wild

UPDATE
Wordfence wrote:
Update at 2:32pm PST / 5:32pm EST: Firefox released a fix for this a few minutes ago. Update to Firefox 50.0.2 now to patch this vulnerability. Tor have also released a fix with version 6.0.7 of their browser.There is also a Thunderbird fix out, version 45.5.1.

_________________
-b0b- (SGF Admin) a.k.a. Bobby Lee ♪ CopedentsRice & BeanWine Country SwingStella


Last edited by b0b on 30 Nov 2016 4:54 pm; edited 2 times in total
View user's profile Send private message Send e-mail Visit poster's website
Jon Light


From:
Saugerties, NY
Post Posted 30 Nov 2016 9:36 am     Reply with quote

Ok. That was startling. Done (switched to Chrome.)
Been on FF for around 6 hours today including an update this morning. Wonder how to tell if I've been bugged.
View user's profile Send private message Send e-mail Visit poster's website
Wiz Feinberg


From:
Mid-Michigan, USA
Post Posted 30 Nov 2016 9:38 am     Reply with quote

This 0-day is targeting a specialized version of Firefox, known as the Tor Browser. It is redirecting Tor users to a now offline server in France. This is a JavaScript exploit, which is fairly common in the cybercrime underworld. Firefox users who have the NoScript Add-on enabled will not be impacted, whether on the Dark Web (Tor) or the Bright Web.

As is typical, Mozilla will release a patch to everybody after analyzing the exploit code. Tor Browser will probably get a fix first.

Tor Onion websites are fraught with danger anyway.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Acronis True Image | Trend Micro Security | MalwareBytes


Last edited by Wiz Feinberg on 30 Nov 2016 9:48 am; edited 1 time in total
View user's profile Send private message Send e-mail Visit poster's website AIM Address
Wiz Feinberg


From:
Mid-Michigan, USA
Post Posted 30 Nov 2016 9:43 am     Reply with quote

Jon Light wrote:
Ok. That was startling. Done (switched to Chrome.)
Been on FF for around 6 hours today including an update this morning. Wonder how to tell if I've been bugged.


Did you visit any Onion websites on Tor? Are you using the Firefox Tor browser?
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Acronis True Image | Trend Micro Security | MalwareBytes
View user's profile Send private message Send e-mail Visit poster's website AIM Address
Jon Light


From:
Saugerties, NY
Post Posted 30 Nov 2016 10:26 am     Reply with quote

Nope and nope.
View user's profile Send private message Send e-mail Visit poster's website
Mike DiAlesandro


From:
Kent, Ohio
Post Posted 30 Nov 2016 1:59 pm     Reply with quote

Ok

Last edited by Mike DiAlesandro on 30 Nov 2016 3:09 pm; edited 1 time in total
View user's profile Send private message Send e-mail
Randy Schneider


From:
Central Texas, USA
Post Posted 30 Nov 2016 2:51 pm     Reply with quote

Firefox for Windows update (50.0.2) is now available. If you don't want to wait for it to be pushed to you, in FF go to 'help / about' and the new version will be downloaded.
View user's profile Send private message Send e-mail
Wiz Feinberg


From:
Mid-Michigan, USA
Post Posted 30 Nov 2016 4:03 pm     Reply with quote

Happy about the update, but this zero-day was specifically written to expose the location of users of the Dark Web (Tor). There was no malicious code involved, just IP leakage. See this Malwarebytes article for more details.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Acronis True Image | Trend Micro Security | MalwareBytes
View user's profile Send private message Send e-mail Visit poster's website AIM Address
Randy Schneider


From:
Central Texas, USA
Post Posted 30 Nov 2016 4:37 pm     Reply with quote

Yes, this particular exploitation of the hole in FF was used for that purpose. The bigger concern was that once the vulnerability had been made public, other malicious payloads could/would take advantage of the now-known problem in Firefox and be delivered for purposes other than the Tor exposure. That is why FF needed to patch it so quickly.
View user's profile Send private message Send e-mail
b0b


From:
Northern California
Post Posted 30 Nov 2016 4:51 pm     Reply with quote

Update from Wordfence:
Quote:
Update at 2:32pm PST / 5:32pm EST: Firefox released a fix for this a few minutes ago. Update to Firefox 50.0.2 now to patch this vulnerability. Tor have also released a fix with version 6.0.7 of their browser.There is also a Thunderbird fix out, version 45.5.1.

_________________
-b0b- (SGF Admin) a.k.a. Bobby Lee ♪ CopedentsRice & BeanWine Country SwingStella
View user's profile Send private message Send e-mail Visit poster's website
Randy Schneider


From:
Central Texas, USA
Post Posted 30 Nov 2016 4:54 pm     Reply with quote

And thanks for letting us know about the problem this morning b0b. I hadn't heard about it before your post.
View user's profile Send private message Send e-mail
Ray Minich


From:
Bradford, Pa. Frozen Tundra
Post Posted 30 Nov 2016 5:44 pm     Reply with quote

Thanks b0b for the update info.

Didn't see anything on reddit or digg about this today so I really appreciate the guidance.

Thanks again.

PS: I wonder how many others start their forum browsing in "Steel Players"?
_________________
Lawyers are done: Emmons SD-10, 3 Dekleys including a D10, NV400, and lots of effects units to cover my clams...
View user's profile Send private message Send e-mail
Earnest Bovine


From:
Los Angeles CA USA
Post Posted 1 Dec 2016 9:00 am     Reply with quote

The updates for Firefox (50.0.2)and Tor (6.0.7) have been available since yesterday afternoon Nov 30.
View user's profile Send private message

All times are GMT - 8 Hours
Jump to:  

Our Online Catalog
Strings, CDs, instruction,
steel guitars & accessories

www.SteelGuitarShopper.com

Steel Guitar Music
Instrumental steel guitar CDs for your permanent collection
www.SteelGuitarMusic.com

BIAB Styles
Ray Price Shuffles
for Band-in-a-Box

by Jim Baron

Please review our Forum Rules and Policies

The Steel Guitar Forum
148 South Cloverdale Blvd.
Cloverdale, CA 95425 USA

Support This Forum

advertisement