An analysis done by Baneki Privacy Labs, a group of internet security researchers Cryptocloud has uncovered a JavaScript exploit that targets Firefox Long-Term Support version 17 which was included in the Tor Project browser bundle until June. But the Tor Project Firefox configuration doesn’t include automatic updates, so Tor users would not be protected unless they manually upgrade their Firefox browser.

The address that the exploit pointed to was defense contractor SAIC, which provides information technology to the US Department of Defense. Further analysis found that the address was part of a block of addresses allocated by SAIC to the National Security Agency.
read more