Developers of the Mozilla Firefox and Tor browsers have released a patch for a zero-day exploit that allows attackers to execute arbitrary code on victim workstations by tricking users into visiting specially-crafted webpages containing malicious Javascript and SVG code. In particular, the exploit has been actively used against Windows workstations to de-anonymize users of the Tor browser by executing code that collects identifying information from victim computers. The vulnerability can also potentially be exploited against other operating systems that use outdated versions of the Firefox or Tor browsers.
The UCLA Information Security Office recommends that users who have the Mozilla Firefox or Tor browsers patch their installations as soon as possible.
For more information, the UCLA Information Security Office recommends visiting Mozilla's Security Blog for more information about this zero-day exploit.
