Update at pm PST / pm EST: Firefox released a fix for this a few minutes ago.
I also posted an extended update at the end of the post including data indicating this exploit may be part of a law enforcement operation. We’re publishing this as an emergency bulletin for our customers and the larger web community.
A few hours ago a zero day vulnerability emerged in the Tor browser bundle and the Firefox web browser.
Attack pages try to install programs that steal private information, user your computer to attack others, or damage your system.
Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
The vulnerability allows an attacker to execute code on your Windows workstation.
The exploit is in the wild, meaning it’s now public and every hacker on the planet has access to it. Currently this exploit causes a workstation report back to an IP address based at OVH in France.
Tor have also released a fix with version 6.0.7 of their browser.
There is also a Thunderbird fix out, version 45.5.1.
If you are updating your Firefox installation for Windows and you get a puzzling black screen of doom, here's a handy tip: disable graphics acceleration.
The symptoms here are that after you upgrade Firefox to version 33, the browser will launch into a black screen, possibly with a black dialog box (it's asking if you want to choose Firefox to be your default browser).
After majoring in physics, Kevin Lee began writing professionally in 1989 when, as a software developer, he also created technical articles for the Johnson Space Center.