{"id":25336,"date":"2024-10-16T04:10:05","date_gmt":"2024-10-16T12:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/10\/16\/news-19066\/"},"modified":"2024-10-16T04:10:05","modified_gmt":"2024-10-16T12:10:05","slug":"news-19066","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/10\/16\/news-19066\/","title":{"rendered":"Tor Browser and Firefox users should update to fix actively exploited vulnerability"},"content":{"rendered":"\n<p>Mozilla has <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2024-51\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">announced<\/a> a security fix for its Firefox browser which also impacts the closely related Tor Browser.<\/p>\n<p>The new version fixes one critical security vulnerability which is reportedly under active exploitation. To address the flaw, both Mozilla and Tor recommend that users update their browsers to the most current versions available.<\/p>\n<p>Firefox users that have automatic updates enabled should have the new version available as soon or shortly after they open the browser. Once you&#8217;re updated, your version number will be 131.0.3 or higher.<\/p>\n<p>Other users can update their browser by following&nbsp;<a href=\"https:\/\/support.mozilla.org\/en-US\/kb\/update-firefox-latest-release\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">these instructions<\/a>:<\/p>\n<ul>\n<li>Click the menu button (3 horizontal stripes) at the right side of the Firefox toolbar, go to&nbsp;<strong>Help<\/strong>, and select&nbsp;<strong>About Firefox\/Tor Browser<\/strong>. The About Mozilla Firefox\/About Tor Browser window will open.<\/li>\n<li>Firefox\/Tor Browser will check for updates automatically. If an update is available, it will be downloaded.<\/li>\n<li>You will be prompted when the download is complete, then click&nbsp;<strong>Restart to update Firefox\/Tor Browser.<\/strong><\/li>\n<\/ul>\n<p>To update the Tor Browser you have to <strong>Connect<\/strong> first or it will fail to fetch the update. The latest version of Tor is 13.5.7.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"727\" height=\"374\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/Tor-updated.png\" alt=\"Tor Browser is up to date\" class=\"wp-image-118886\" \/><figcaption class=\"wp-element-caption\">Version number should be 13.5.7 or higher<\/figcaption><\/figure>\n<p>The vulnerability, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-9680\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-9680<\/a>, allows attackers to execute malicious code within the browser\u2019s content process, which is the environment where it loads and renders web content.<\/p>\n<p>About the vulnerability, Mozilla said:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cAn attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.\u201d<\/p>\n<\/blockquote>\n<p>Use after free (UAF) is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program\u2019s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program.<\/p>\n<p>The Animation Timeline interface of the Web Animations Application Programming Interface (API) represents the timeline of an animation. Where the timeline is a source of time values for synchronization purposes.<\/p>\n<p>Exploitation is said to be relatively easy, requires no user interaction, and can be executed over the network.<\/p>\n<hr class=\"wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide\" \/>\n<p><strong>We don\u2019t just report on threats\u2014we remove them<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/for-home\">downloading Malwarebytes today<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/10\/tor-browser-and-firefox-users-should-update-to-fix-actively-exploited-vulnerability\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Mozilla warns that a vulnerability in Firefox and Tor Browser is actively being exploited against both browsers <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[32027,22783,11122,32,14709],"class_list":["post-25336","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-cve-2024-9680","tag-exploits-and-vulnerabilities","tag-firefox","tag-news","tag-tor-browser"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25336"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25336\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}