“To be clear, while the Firefox vulnerability is cross-platform, the attack code is Windows-specific. It appears that TBB users on Linux and OS X, as well as users of LiveCD systems like Tails, were not exploited by this attack,” he pointed out, and added that “it’s reasonable to conclude that the attacker now has a list of vulnerable Tor users who visited those hidden services.”
“Consider switching to a ‘live system’ approach like Tails. Really, switching away from Windows is probably a good security move for many reasons,” he advises. “Be sure to keep up-to-date in the future. Tor Browser Bundle automatically checks whether it’s out of date, and notifies you on its homepage when you need to upgrade. Recent versions also add a flashing exclamation point over the Tor onion icon.”
Bitdefender added detection against the Tor Browser Bundle exploit to its products.
“As the exploit is, we judge the probability of it being used in other attacks by other actors as high. So far, a handful of installed Bitdefender instances in France and the Dominican Republic have reported detection of the exploit,” they shared.