http://www.tomshardware.com/news/tor...ses,33117.html

The vulnerability, along with the code that exploits it in the wild, was found by an independent security researcher who alerted the Tor Project developers on the organization?s mailing list. The exploit code seems to work only on Windows and can directly call kernel32.dll, a core part of Windows.

It also seems to share most of the code with a 2013 exploit used by the FBI against the Tor browser. Therefore, it was either the FBI using it again, or someone that repurposed the code for their own malicious objectives. However, it?s typically governments that try to actively exploit the Tor browser, so chances that it was a random individual hacker are rather slim.

The Tor Project was alerted with the following message, followed by the exploit code:
?This is an Javascript exploit actively used against TorBrowser NOW,? warned the security researcher.

?It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP,? he urged.