Due to a Firefox vulnerability recently announced, Information Technology Services (ITS) recommends you temporarily switch browsers to Edge, IE, Chrome or a non-firefox based browser that is secure until Mozilla releases an update. The vulnerability allows an attacker to execute code on your Windows workstation. The exploit is in the wild, meaning it’s now public and every hacker has access to it. There is no fix at the time of this alert.

This exploit causes a workstation report back to an IP address based at OVH in France. But this code can likely be repurposed to infect workstations with malware or ransomware. The exploit code is now public knowledge so new variants of this attack are likely to emerge.

Currently it exploits Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle which contains Firefox 45 ESR.

This is a watering hole attack, meaning that a victim has to visit a website that contains this exploit code to be attacked. WordPress websites are currently being hacked to exploit this vulnerability.

More information about the vulnerability can be found here: https://www.wordfence.com/blog/2016/11/emergency-bulletin-firefox-0-day-wild/