Attackers exploit the 0day vulnerability in the Tor web browser for cyber attacks

A new vulnerability in the Tor / Firefox web browser is used to install malware on users' computers. One of the first this information appeared on the Tor Project mailing list. To exploit the vulnerability, the exploit uses specially crafted HTML and CSS files. According to the well-known security re-writer Dan Guido, the vulnerability is of type use-after-free and affects the Scalable Vector Graphics (SVG) Firefox parser.



Founder of Tor Project Roger Dingledine notified users that the Firefox developers are aware of this problem and are working on a fix for the vulnerability. Users of the Tor web browser are advised to disable the use of JavaScript until the appropriate patch is released.
')
The vulnerability may be relevant for Tor / Firefox users on OS X, however, the exploit observed in the use of the attack is only relevant for Windows users. Since the Mozilla Firefox web browser for Windows users does not contain such actual protection measures against exploits as Google Chrome and MS Edge web browsers, its users are not protected from destructive actions of the 0day exploit.

We encourage users to wait for the appropriate update of the Tor web browser to be released and install it.