Tor Browser and Firefox have been hit by a critical vulnerability that was first detected in Firefox and has been addressed by Mozilla.
According to a statement by Mozilla on 11 October, the flaw, a use-after-free vulnerability tracked as CVE-2024-9680, was first discovered and reported by the security firm ESET. The vulnerability was later exploited against users of the Tor anonymity network.
What you should do
According to ESET, threat actors can easily exploit the vulnerability and cause a memory compromise without any interaction from the browser user. To prevent this, all Firefox and Tor Browser users are encouraged to update their browsers to the latest versions, which remove the vulnerability.
The Tor Project said in a statement that it is critical to update as soon as possible because this vulnerability can be used to hijack Tor Browser. It also stated that it was not aware of Tor Browser users being targeted by the Firefox vulnerability.
“To be clear, the Tor Project has no evidence that Tor Browser users were targeted specifically. The Firefox vulnerability has since been addressed with Tor Browser releases 13.5.7, 13.5.8 (for Android), and 14.0a9.”
Mozilla, in a statement, also denied any knowledge of the vulnerability being used to target Tor users after it released a fix for Firefox users.
The need for vigilance
Security vulnerabilities like this are quite common, so internet users need to stay constantly vigilant to avoid being caught unawares.
To stay protected against further vulnerabilities, it is important to keep browsers and other pieces of software up to date at all times, because exploitation of vulnerabilities usually targets those using older versions of software.