Re: [tor-talk] Javascript exploit

2016-12-01 Thread Nathan Freitas
On Thu, Dec 1, 2016, at 01:27 PM, Nathan Freitas wrote: > On Wed, Nov 30, 2016, at 11:39 AM, Roger Dingledine wrote: > > On Wed, Nov 30, 2016 at 02:28:52PM -0500, Roger Dingledine wrote: > > > * The blog post about the 6.0.7 Tor Browser update will go up any > > > moment. I see that the Tor

Re: [tor-talk] Javascript exploit

2016-12-01 Thread Nathan Freitas
On Wed, Nov 30, 2016, at 11:39 AM, Roger Dingledine wrote: > On Wed, Nov 30, 2016 at 02:28:52PM -0500, Roger Dingledine wrote: > > * The blog post about the 6.0.7 Tor Browser update will go up any > > moment. I see that the Tor Browser team has already put the packages in > >

Re: [tor-talk] Javascript exploit

2016-11-30 Thread Roger Dingledine
On Wed, Nov 30, 2016 at 02:28:52PM -0500, Roger Dingledine wrote: > * The blog post about the 6.0.7 Tor Browser update will go up any > moment. I see that the Tor Browser team has already put the packages in > https://dist.torproject.org/torbrowser/6.0.7/ And there it is:

Re: [tor-talk] Javascript exploit

2016-11-30 Thread Roger Dingledine
On Wed, Nov 30, 2016 at 12:08:00PM +, Georg Koppen wrote: > FWIW: We plan to release 6.0.7 with the patch Mozilla developed in a > couple of hours. Updates to the alpha and hardened series will we > provided as well thereafter. Update: * The blog post about the 6.0.7 Tor Browser update will

Re: [tor-talk] Javascript exploit

2016-11-30 Thread Georg Koppen
Roger Dingledine: > On Tue, Nov 29, 2016 at 09:55:23PM -, firstwa...@sigaint.org wrote: >> This is an Javascript exploit > > Thanks. I pointed some folks on irc to this mail, and Daniel Veditz > (Mozilla Security Team) said "the Firefox team was sent a copy of that > this morning. We've found

Re: [tor-talk] Javascript exploit

2016-11-29 Thread Kristov Atlas
For anyone looking into it, I tried to clean up cssbanner.js a little more. https://gist.github.com/kristovatlas/e03be5f10e48801aec88b0e23f00a3d7 I didn't actually compare execution before and after my changes, so caveat emptor. On Tue, Nov 29, 2016 at 6:31 PM, Kevin

Re: [tor-talk] Javascript exploit

2016-11-29 Thread Kevin
The first var looks like an encryption key. Just my humble observation and food for thought. On 11/29/2016 4:55 PM, firstwa...@sigaint.org wrote: This is an Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also

Re: [tor-talk] Javascript exploit

2016-11-29 Thread Roger Dingledine
On Tue, Nov 29, 2016 at 09:55:23PM -, firstwa...@sigaint.org wrote: > This is an Javascript exploit Thanks. I pointed some folks on irc to this mail, and Daniel Veditz (Mozilla Security Team) said "the Firefox team was sent a copy of that this morning. We've found the bug being used and are

[tor-talk] Javascript exploit

2016-11-29 Thread firstwatch
This is an Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP. I had to break