Update: Firefox version 50.0.2 has been released to fix the problem reported below. Read more…
This is a serious vulnerability that affects all Firefox users, not just people using Tor. The proof of concept exploit posted to the Tor browser mailing list used apparently old code to expose a Tor user’s public IP and MAC addresses. While you might think this is not your worry, the actual vulnerability affects ALL Firefox browsers. The vulnerability allows an attacker to execute arbitrary code on your Windows PC. Thus the payload will be much worse very soon.
In addition to the article on Ars Technica, there is an article on The Register and the emergency bulletin on the WordFence blog, where we first s learned of the problem. Because this vulnerability and the exploit are public, this will be re-implemented by criminals in a matter of hours. Because of this we agree with Wordfence and recommend that you stop using Firefox until Mozilla has issued a patch and your copy of Firefox is updated.