Firefox and Tor release critical 0-day patch originating in FBI code

by Derek Kortepeter
Sept. 1, 2017 0 comments TechGenix Pen Testing & Audits vulnerabilities

The security world woke up Tuesday, November 29 to alarming reports of a 0-day vulnerability affecting Firefox and the anonymous browser Tor. The news first broke when an anonymous admin of the SIGAINT public email service published the exploit code. Written in Javascript, the code’s function was not totally known at the time but it was recognized as “getting access to VirtualAlloc in kernel32.dll.” In plain English, when a Windows machine used Firefox or Tor with Javascript enabled, the 0-day exploit allowed malicious code to be run at any time due to a memory corruption vulnerability. As the news began to spread about this dangerous exploit, security researchers began to notice similarities in the code to another exploit that the FBI utilized. One such security professional gave his analysis via Tweets, which are screen capped below: