However, Mozilla has patched this zero-day with the release of Firefox 50.0.2 and 45.5.1 ESR.
The Tor Project has released Tor internet tool 6.0.7 to fix the issue on its side.
This is a Javascript exploit actively used against TorBrowser NOW.
It consists of one HTML and one CSS file, both pasted below and also de-obscured.
The exact functionality is unknown but its getting access to VirtualAlloc in kernel32.dll and goes from there.
The zero-day is a memory corruption vulnerability that could be exploited to execute malicious code on Windows Machines.
The Tor web app is based on a version of Firefox and the two often share common vulnerabilities.
However, it should be noted that the Tor Project advises against disabling JavaScript.
source: www.techworm.net
