Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.

Fear not, feisty Firefox users, only v17 is affected. And who the hell would still be on v17?


SOURCE (http://www.wired.com/threatlevel/2013/08/freedom-hosting/)

Very genius, if not done before on a multitude of browsers.

Mind you, firefox 17 is VERY common, it is the Long term support version. And is used on a huge number of systems. In this case though, it is targeted because it is the version bundled with tor.

Remember when the Firefox users couldn't read SubSim for a week because the browser's listed it as a dangerous website? That was funny stuff.

I'm still on V13, so I'm safe :88)

I'm still on V13, so I'm safe :88)

:o What is it with people not updating software :O:

Seriously though,
any reason for still running 13?

Yep. Privacy reasons.
Firefox is more and more adding code into it's browser that some might name "spyware" behavior.

For the same reason the TOR project has made it's own build of Firefox.

Just checked and was on v18.0.2 have upgraded and it now says v23.

Is there that high a numbered version?

Just checked and was on v18.0.2 have upgraded and it now says v23.

Is there that high a numbered version?

23 is the latest (and greatest).

edit: if you ever need to know what version you have go into : help>about firefox up top Jim

23 is the latest (and greatest).

edit: if you ever need to know what version you have go into : help>about firefox up top Jim

Ah, right...cheers :up:

edit: if you ever need to know what version you have go into : help>about firefox up top Jim

Thanks for the tip, I did not know that.:up: I was on v22, so not too far out of date.

:subsim:

Yep. Privacy reasons.
Firefox is more and more adding code into it's browser that some might name "spyware" behavior.

For the same reason the TOR project has made it's own build of Firefox.

You know that TOR's build of Firefox is v17, aka the vulnerable version right?

Firefox development went to *@&% when they decided to go on the rapid release schedule. It was stupid of them to release a new version every 6 weeks, with improvements that amounted to what is barely a patch

They don't care about enterprise users and other "long term" users:
http://www.enterpriseefficiency.com/author.asp?section_id=1076&doc_id=230999

Thus TOR stuck with version 17, since it is nominally "long term support". But its not like Firefox actually tried very hard to support it. Long term support editions get patches rolled out slower than mainstream versions.

It must just have been a coincidence that after reading this thread I went to help/about to check my version and it was in the midst of updating to v23.

Ain't no moss on the feds back I tell you wut. :yep:

Not blocking javascript when surfing isn't the smartest thing to do, but not blocking it when using TOR is pure stupidity. It's not that javascript exploits have been unheard.