WordFence Reports Firefox Zero Day Vulnerability
Yesterday both WordFence and Firefox issued a statement to let people know of a extremely important issue with the Firefox browser.
A zero day vulnerability refers to a hole in ssoftware that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack.
Below is the exact e-mail I received from WordFence:
Wordfence firstname.lastname@example.org via aweber.com
Nov 30 (1 day ago)
We’re sending out this unscheduled emergency bulletin to alert you that there is a 0 day vulnerability in the wild that affects Firefox web browsers and the Tor browser bundle. The vulnerability emerged a few hours ago.
We recommend you temporarily switch to a non-Firefox based browser until the Firefox dev team has a chance to release a fix. That should happen quite quickly.
We would like to encourage you to share this alert with the larger web community. It’s unusual for us to send out a non-WordPress related vulnerability, but the impact of this may be wide-spread. We also suspect that WordPress websites may be used as a watering hole to infect vulnerable web browsers using this new exploit.
Wordfence Founder & CEO
Basically make sure that you either stop using Firefox for the time being or make sure that you are using version Firefox 50.0.2.
Update at 2:32pm PST / 5:32pm EST: Firefox released a fix for this a few minutes ago. Update to Firefox 50.0.2 now to patch this vulnerability. Tor have also released a fix with version 6.0.7 of their browser.There is also a Thunderbird fix out, version 45.5.1. I also posted an extended update at the end of the post including data indicating this exploit may be part of a law enforcement operation.
As listed above, other browsers (Tor and Thunderbird) have also updated to account for this issue.
This Zero Day Vulnerability attack targeted Tor users specifically and the goal of the attack was to reveal the identity of the browser operator. It is also very similar to a 2013 attack that was likely launched on child porn website visitors by the FBI to identify and arrest them. The fact that this exploit simply tries to reveal a user’s identity rather than infect them with malware indicates it is being perpetrated by a law enforcement branch in some country.
Vice is now reporting that their sources are saying this exploit is active on a child porn website called The GiftBox Exchange. There are also warnings on the Dark Web about the presence of this malware. In my opinion this strongly indicates that this exploit is in fact the FBI or another agency targeting visitors of The GiftBox Exchange.
KEEP CLEAR OF THE SITES.
Don’t try typing it in and checking it out. Better safe then sorry. Stear clear and make sure your using a browser that was not affected. This Zero Day Vulnerability is not to be taken lightly and should be avoided at all costs.