A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor-users.
A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. “This is a JavaScript exploit actively used against Tor Browser NOW,” the anonymous user wrote.
A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had “found the bug” and were “working on a patch.” On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox.
Several researchers started analyzing the newly discovered zero-day code.
The exploit code is reportedly a near match to the code used by the FBI in 2013 to deanonymize Tor users; Mozilla is aware of the zero-day and is working on a fix.
The code is poseted belowhttps://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html
https://lists.torproject.org/pipermail/tor-talk/2016-November/042640.html